CyberSec.Space Logo
Back to CVE Browser

CVE-2017-12170

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0080%
EPSS Percentile42.43th
PublishedSep 21, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd.

Affected Platforms (CPE)

📦
Pureftpd

Pure Ftpd

= 1.0.46-1
💻
Fedoraproject

Fedora

= 26
💻
Fedoraproject

Fedora

= 27

References & Advisories

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1493114
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1493114

Related Vulnerabilities

CVE-2020-93657.5

An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.

CVE-2020-92747.5

An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked lis...

CVE-2020-353597.5

Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection li...

CVE-2019-201767.5

In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.