CVE-2010-3867

EUVD-2010-3845
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
proftpdproftpd
1.2.10
proftpdproftpd
1.2.10:rc1
proftpdproftpd
1.2.10:rc2
proftpdproftpd
1.2.10:rc3
proftpdproftpd
1.3.0
proftpdproftpd
1.3.0:a
proftpdproftpd
1.3.0:rc1
proftpdproftpd
1.3.0:rc2
proftpdproftpd
1.3.0:rc3
proftpdproftpd
1.3.0:rc4
proftpdproftpd
1.3.0:rc5
proftpdproftpd
1.3.1
proftpdproftpd
1.3.1:rc1
proftpdproftpd
1.3.1:rc2
proftpdproftpd
1.3.1:rc3
proftpdproftpd
1.3.2
proftpdproftpd
1.3.2:a
proftpdproftpd
1.3.2:b
proftpdproftpd
1.3.2:c
proftpdproftpd
1.3.2:d
proftpdproftpd
1.3.2:e
proftpdproftpd
1.3.2:rc1
proftpdproftpd
1.3.2:rc2
proftpdproftpd
1.3.2:rc3
proftpdproftpd
1.3.2:rc4
proftpdproftpd
1.3.3
proftpdproftpd
1.3.3:a
proftpdproftpd
1.3.3:b
proftpdproftpd
1.3.3:rc1
proftpdproftpd
1.3.3:rc2
proftpdproftpd
1.3.3:rc3
proftpdproftpd
1.3.3:rc4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
proftpd-dfsg
bookworm
1.3.8+dfsg-4+deb12u3
fixed
bullseye
1.3.7a+dfsg-12+deb11u2
fixed
sid
1.3.8.b+dfsg-3
fixed
trixie
1.3.8.b+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
proftpd
dapper
ignored
hardy
dne
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
proftpd-dfsg
dapper
dne
hardy
ignored
karmic
ignored
lucid
Fixed 1.3.2c-1ubuntu0.1
released
maverick
Fixed 1.3.2e-4ubuntu0.1
released
natty
not-affected
oneiric
not-affected
Common Weakness Enumeration
References
http://bugs.proftpd.org/show_bug.cgi?id=3519
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050687.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050703.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050726.html
http://secunia.com/advisories/42047
http://secunia.com/advisories/42052
http://secunia.com/advisories/42217
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.498209
http://www.debian.org/security/2011/dsa-2191
http://www.mandriva.com/security/advisories?name=MDVSA-2010:227
http://www.openwall.com/lists/oss-security/2010/11/01/4
http://www.proftpd.org/docs/NEWS-1.3.3c
http://www.securityfocus.com/bid/44562
http://www.vupen.com/english/advisories/2010/2853
http://www.vupen.com/english/advisories/2010/2941
http://www.vupen.com/english/advisories/2010/2959
http://www.vupen.com/english/advisories/2010/2962
http://bugs.proftpd.org/show_bug.cgi?id=3519
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050687.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050703.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050726.html
http://secunia.com/advisories/42047
http://secunia.com/advisories/42052
http://secunia.com/advisories/42217
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.498209
http://www.debian.org/security/2011/dsa-2191
http://www.mandriva.com/security/advisories?name=MDVSA-2010:227
http://www.openwall.com/lists/oss-security/2010/11/01/4
http://www.proftpd.org/docs/NEWS-1.3.3c
http://www.securityfocus.com/bid/44562
http://www.vupen.com/english/advisories/2010/2853
http://www.vupen.com/english/advisories/2010/2941
http://www.vupen.com/english/advisories/2010/2959
http://www.vupen.com/english/advisories/2010/2962