USN-7297-1
- Source
- https://ubuntu.com/security/notices/USN-7297-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7297-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7297-1
- Upstream
- Related
- Published
- 2025-02-25T15:13:53.570507Z
- Modified
- 2025-07-16T08:56:48.546735Z
- Summary
- ProFTPD vulnerabilities
- Details
-
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the transport protocol implementation in ProFTPD had weak integrity checks. An attacker could use this vulnerability to bypass security features like encryption and integrity checks. (CVE-2023-48795)
Martin Mirchev discovered that ProFTPD did not properly validate user input over the network. An attacker could use this vulnerability to crash ProFTPD or execute arbitrary code. (CVE-2023-51713)
Brian Ristuccia discovered that ProFTPD incorrectly inherited groups from the parent process. An attacker could use this vulnerability to elevate privileges. (CVE-2024-48651)
- References
Affected packages
Ubuntu:20.04:LTS / proftpd-dfsg
Package
- Name
- proftpd-dfsg
- Purl
- pkg:deb/ubuntu/proftpd-dfsg@1.3.6c-2ubuntu0.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.6c-2ubuntu0.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "proftpd-basic",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-basic-dbgsym",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-dev",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-doc",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-mod-geoip",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-mod-geoip-dbgsym",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-mod-ldap",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-mod-ldap-dbgsym",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-mod-mysql",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-mod-mysql-dbgsym",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-mod-odbc",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-mod-odbc-dbgsym",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-mod-pgsql",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-mod-pgsql-dbgsym",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-mod-snmp",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-mod-snmp-dbgsym",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-mod-sqlite",
"binary_version": "1.3.6c-2ubuntu0.1"
},
{
"binary_name": "proftpd-mod-sqlite-dbgsym",
"binary_version": "1.3.6c-2ubuntu0.1"
}
],
"availability": "No subscription required"
}
Ubuntu:22.04:LTS / proftpd-dfsg
Package
- Name
- proftpd-dfsg
- Purl
- pkg:deb/ubuntu/proftpd-dfsg@1.3.7c+dfsg-1ubuntu0.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.7c+dfsg-1ubuntu0.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "proftpd-basic",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-core",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-core-dbgsym",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-dev",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-doc",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-crypto",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-crypto-dbgsym",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-geoip",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-geoip-dbgsym",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-ldap",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-ldap-dbgsym",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-mysql",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-mysql-dbgsym",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-odbc",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-odbc-dbgsym",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-pgsql",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-pgsql-dbgsym",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-snmp",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-snmp-dbgsym",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-sqlite",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-sqlite-dbgsym",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-wrap",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-wrap-dbgsym",
"binary_version": "1.3.7c+dfsg-1ubuntu0.1"
}
],
"availability": "No subscription required"
}
Ubuntu:24.04:LTS / proftpd-dfsg
Package
- Name
- proftpd-dfsg
- Purl
- pkg:deb/ubuntu/proftpd-dfsg@1.3.8.b+dfsg-1ubuntu0.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.8.b+dfsg-1ubuntu0.1
Affected versions
1.*
1.3.8+dfsg-8
1.3.8.a+dfsg-1
1.3.8.b+dfsg-1
1.3.8.b+dfsg-1build1
1.3.8.b+dfsg-1build2
1.3.8.b+dfsg-1build3
Ecosystem specific
{
"binaries": [
{
"binary_name": "proftpd-core",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-core-dbgsym",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-dev",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-doc",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-crypto",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-crypto-dbgsym",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-geoip",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-geoip-dbgsym",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-ldap",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-ldap-dbgsym",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-mysql",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-mysql-dbgsym",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-odbc",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-odbc-dbgsym",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-pgsql",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-pgsql-dbgsym",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-snmp",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-snmp-dbgsym",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-sqlite",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-sqlite-dbgsym",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-wrap",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
},
{
"binary_name": "proftpd-mod-wrap-dbgsym",
"binary_version": "1.3.8.b+dfsg-1ubuntu0.1"
}
],
"availability": "No subscription required"
}