How severe is CVE-2017-7418?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2017-7418?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2017-7418 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.

Related Vulnerabilities

CVE-1999-0783

MEDIUM

CVSS:5.5(Medium)

FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.

CWE-591999

CVE-1999-1386

MEDIUM

CVSS:5.5(Medium)

Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.

CWE-591999

CVE-2000-0972

MEDIUM

CVSS:5.5(Medium)

HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messag...

CWE-592000

CVE-2000-1178

MEDIUM

CVSS:5.5(Medium)

Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.

CWE-592000

CVE-2001-1494

MEDIUM

CVSS:5.5(Medium)

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root exe...

CWE-592001

CVE-2002-0725

MEDIUM

CVSS:5.5(Medium)

NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail...

CWE-592002