CVE-2017-12170

{"id": "CVE-2017-12170", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-09-21T21:29:00.213", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114", "tags": ["Issue Tracking", "Tool Signature", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114", "tags": ["Issue Tracking", "Tool Signature", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd."}, {"lang": "es", "value": "La versi\u00f3n downstream 1.0.46-1 de pure-ftpd, tal y como viene distribuido en Fedora, es vulnerable a los errores de empaquetado ya que se ignora la configuraci\u00f3n original despu\u00e9s de que se actualice y que el servicio empiece a ejecutarse con la configuraci\u00f3n por defecto. Esto provoca un impacto en la seguridad por omitir configuraciones de seguridad. Este problema no aplica a la versi\u00f3n upstream de pure-ftpd."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.46-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE04278C-F528-438A-A89A-BDC89E53269C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E4D8269-B407-4C24-AAB0-02F885C7D752"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBEACBFF-6D05-4B69-BF7A-F7E539D9BF6E"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}