Vulnerability CVE-2020-9272: Information

Description

ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Published: Feb. 20, 2020
Modified: Nov. 9, 2021
Error type identifier: CWE-125

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| proftpd | sisyphus | 1.3.6-alt0.4.ga73dbfe3b | 1.3.8-alt0.2.ga3489a6c8 | ALT-PU-2020-2975-1 | 259417 | Fixed |
| proftpd | sisyphus_e2k | 1.3.7-alt0.1.c | 1.3.8-alt0.2.ga3489a6c8 | ALT-PU-2022-3450-1 | - | Fixed |
| proftpd | sisyphus_riscv64 | 1.3.7-alt0.1.c | 1.3.8-alt0.2.ga3489a6c8 | ALT-PU-2022-3482-1 | - | Fixed |
| proftpd | p10 | 1.3.6-alt0.4.ga73dbfe3b | 1.3.6-alt0.4.ga73dbfe3b | ALT-PU-2020-2975-1 | 259417 | Fixed |
| proftpd | p9 | 1.3.6-alt0.4.ga73dbfe3b | 1.3.6-alt0.4.ga73dbfe3b | ALT-PU-2020-2992-1 | 259400 | Fixed |
| proftpd | c10f1 | 1.3.6-alt0.4.ga73dbfe3b | 1.3.6-alt0.4.ga73dbfe3b | ALT-PU-2020-2975-1 | 259417 | Fixed |
| proftpd | c9f2 | 1.3.8-alt0.2.ga3489a6c8 | 1.3.8-alt0.2.ga3489a6c8 | ALT-PU-2023-5874-2 | 329854 | Fixed |

References to Advisories, Solutions, and Tools

| Hyperlink | Resource |
|---|---|
| https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES | Release Notes, Third Party Advisory |
| https://github.com/proftpd/proftpd/issues/902 | Issue Tracking, Patch, Third Party Advisory |
| openSUSE-SU-2020:0273 | Mailing List, Third Party Advisory |
| GLSA-202003-35 | Third Party Advisory |
| https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf | Third Party Advisory |

Configuration 1

cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*
End excluding: 1.3.6c

Configuration 2

cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:*:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*

Configuration 4

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*