Security
Security
A vulnerability in ProFTPD could lead to a Denial of Service condition.
| Package | net-ftp/proftpd on all architectures |
|---|---|
| Affected versions | < 1.3.7a |
| Unaffected versions | >= 1.3.7a |
ProFTPD is an advanced and very configurable FTP server.
It was found that ProFTPD did not properly handle invalid SCP commands.
An authenticated remote attacker could issue invalid SCP commands, possibly resulting in a Denial of Service condition.
There is no known workaround at this time.
All ProFTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.7a"
Release date
September 13, 2020
Latest revision
September 13, 2020: 1
Severity
low
Exploitable
local, remote
Bugzilla entries