What Are You Looking For?

Sign Up
=========================================================================Ubuntu Security Notice USN-4515-1
September 17, 2020

pure-ftpd vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Pure-FTPd could be made to expose sensitive information if it recieved
specially crafted input.

Software Description:
- pure-ftpd: Secure and efficient FTP server

Details:

Antonio Norales discovered that Pure-FTPd incorrectly handled directory
aliases. An attacker could possibly use this issue to access sensitive
information. (CVE-2020-9274)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  pure-ftpd                       1.0.36-3.2+deb8u1build0.16.04.1
  pure-ftpd-common                1.0.36-3.2+deb8u1build0.16.04.1
  pure-ftpd-ldap                  1.0.36-3.2+deb8u1build0.16.04.1
  pure-ftpd-mysql                 1.0.36-3.2+deb8u1build0.16.04.1
  pure-ftpd-postgresql            1.0.36-3.2+deb8u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4515-1
  CVE-2020-9274

Package Information:
  https://launchpad.net/ubuntu/+source/pure-ftpd/1.0.36-3.2+deb8u1build0.16.04.1

Ubuntu 4515-1: Pure-FTPd vulnerability

September 17, 2020
Pure-FTPd could be made to expose sensitive information if it recieved specially crafted input.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: pure-ftpd 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-common 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-ldap 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-mysql 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-postgresql 1.0.36-3.2+deb8u1build0.16.04.1 In general, a standard system update will make all the necessary changes.

References

https://usn.ubuntu.com/4515-1

CVE-2020-9274

Severity
September 17, 2020

Package Information

https://launchpad.net/ubuntu/+source/pure-ftpd/1.0.36-3.2+deb8u1build0.16.04.1

Related News

DISA Issues Security Technical Implementation Guide for TOSS 4 Operating System

Jan 15, 2023

Notorious Downfall & Inception Microcode Info Disclosure Vulns Fixed

Aug 24, 2023

OpenJDK DoS, Info Disclosure Vulns Fixed

Jun 22, 2023

PHP Vuln Threatens Confidentiality of Impacted Systems

May 11, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo