Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the transport protocol implementation in ProFTPD had weak integrity checks. An attacker could use this vulnerability to bypass security features like encryption and integrity checks. (CVE-2023-48795)
Martin Mirchev discovered that ProFTPD did not properly validate user input over the network. An attacker could use this vulnerability to crash ProFTPD or execute arbitrary code. (CVE-2023-51713)
Brian Ristuccia discovered that ProFTPD incorrectly inherited groups from the parent process. An attacker could use this vulnerability to elevate privileges. (CVE-2024-48651)
{ "binaries": [ { "binary_name": "proftpd-basic", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-basic-dbgsym", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-dev", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-doc", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-mod-geoip", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-mod-geoip-dbgsym", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-mod-ldap", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-mod-ldap-dbgsym", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-mod-mysql", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-mod-mysql-dbgsym", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-mod-odbc", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-mod-odbc-dbgsym", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-mod-pgsql", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-mod-pgsql-dbgsym", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-mod-snmp", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-mod-snmp-dbgsym", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-mod-sqlite", "binary_version": "1.3.6c-2ubuntu0.1" }, { "binary_name": "proftpd-mod-sqlite-dbgsym", "binary_version": "1.3.6c-2ubuntu0.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "proftpd-basic", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-core", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-core-dbgsym", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-dev", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-doc", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-crypto", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-crypto-dbgsym", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-geoip", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-geoip-dbgsym", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-ldap", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-ldap-dbgsym", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-mysql", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-mysql-dbgsym", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-odbc", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-odbc-dbgsym", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-pgsql", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-pgsql-dbgsym", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-snmp", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-snmp-dbgsym", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-sqlite", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-sqlite-dbgsym", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-wrap", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-wrap-dbgsym", "binary_version": "1.3.7c+dfsg-1ubuntu0.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "proftpd-core", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-core-dbgsym", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-dev", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-doc", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-crypto", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-crypto-dbgsym", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-geoip", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-geoip-dbgsym", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-ldap", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-ldap-dbgsym", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-mysql", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-mysql-dbgsym", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-odbc", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-odbc-dbgsym", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-pgsql", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-pgsql-dbgsym", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-snmp", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-snmp-dbgsym", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-sqlite", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-sqlite-dbgsym", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-wrap", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" }, { "binary_name": "proftpd-mod-wrap-dbgsym", "binary_version": "1.3.8.b+dfsg-1ubuntu0.1" } ], "availability": "No subscription required" }