FreeBSD : proftpd -- user chroot escape vulnerability (770d7e91-72af-11e7-998a-08606e47f965)
Low Nessus Plugin ID 102030
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionNVD reports :
ProFTPD ... controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link.
SolutionUpdate the affected package.