Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-19270

Опубликовано: 26 нояб. 2019
Источник: debian
EPSS Низкий

Описание

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
proftpd-dfsgfixed1.3.6b-2package
proftpd-dfsgfixed1.3.6-4+deb10u3busterpackage
proftpd-dfsgnot-affectedstretchpackage
proftpd-dfsgnot-affectedjessiepackage

Примечания

  • https://github.com/proftpd/proftpd/issues/859

  • https://github.com/proftpd/proftpd/commit/81cc5dce4fc0285629a1b08a07a109af10c208dd (master)

  • https://github.com/proftpd/proftpd/commit/be8e1687819cb665359bd62b4c896ff4b1a09c3f (1.3.6 branch)

  • Introduced in: https://github.com/proftpd/proftpd/commit/0e27c53177db6e1ce4196c772c119071678c77a7 (v1.3.5c)

EPSS

Процентиль: 42%
0.00198
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-19270

CVSS3: 7.5
ubuntu
около 6 лет назад

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.

nvd логотип

CVE-2019-19270

CVSS3: 7.5
nvd
около 6 лет назад

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.

github логотип

GHSA-5pjj-3qp3-rjg3

github
больше 3 лет назад

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.

fstec логотип

BDU:2025-13444

CVSS3: 7.5
fstec
около 6 лет назад

Уязвимость FTP-сервера ProFTPD, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю манипулировать данными

suse-cvrf логотип

openSUSE-SU-2020:0031-1

suse-cvrf
почти 6 лет назад

Security update for proftpd

EPSS

Процентиль: 42%
0.00198
Низкий