Описание
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| proftpd-dfsg | fixed | 1.3.6-1 | package | |
| proftpd-dfsg | not-affected | stretch | package | |
| proftpd-dfsg | not-affected | jessie | package |
Примечания
https://github.com/proftpd/proftpd/issues/858
Introduced in: https://github.com/proftpd/proftpd/commit/474075d2cb8c8ced7764b1b4b5ad63a49284d61f (v1.3.5c)
Связанные уязвимости
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
Уязвимость FTP-сервера ProFTPD, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
