CVE-2017-12170

Summary

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd.

Affected Software

VendorProductVersion RangeStatus
Red Hat, Inc.pure-ftpdFedora downstream version pure-ftpd-1.0.46-1affected

Weaknesses

  • unsafe configuration

ADP Enrichment

CVE Program Container

Additional References

References