Candidate: CVE-2015-1419
PublicDate: 2015-01-28 11:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1419
 http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00023.html
 http://secunia.com/advisories/62415
 http://lists.opensuse.org/opensuse-updates/2015-01/msg00041.html
 http://seclists.org/oss-sec/2015/q1/389
Description:
 Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote
 attackers to bypass access restrictions via unknown vectors, related to
 deny_file parsing.
Ubuntu-Description:
Notes:
 mdeslaur> man page says this isn't a security feature
Bugs:
 https://bugzilla.novell.com/show_bug.cgi?id=915522
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776922
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_vsftpd:
upstream_vsftpd: released (3.0.2-18)
lucid_vsftpd: ignored (reached end-of-life)
precise_vsftpd: ignored (reached end-of-life)
precise/esm_vsftpd: ignored (end of ESM support, was needed)
trusty_vsftpd: ignored (reached end-of-life)
trusty/esm_vsftpd: needed
utopic_vsftpd: ignored (reached end-of-life)
vivid_vsftpd: not-affected (3.0.2-18ubuntu1)
vivid/stable-phone-overlay_vsftpd: DNE
vivid/ubuntu-core_vsftpd: DNE
wily_vsftpd: not-affected (3.0.2-18ubuntu1)
xenial_vsftpd: not-affected (3.0.2-18ubuntu1)
esm-infra/xenial_vsftpd: not-affected (3.0.2-18ubuntu1)
yakkety_vsftpd: not-affected (3.0.2-18ubuntu1)
zesty_vsftpd: not-affected (3.0.2-18ubuntu1)
artful_vsftpd: not-affected (3.0.2-18ubuntu1)
bionic_vsftpd: not-affected (3.0.2-18ubuntu1)
cosmic_vsftpd: not-affected (3.0.2-18ubuntu1)
disco_vsftpd: not-affected (3.0.2-18ubuntu1)
eoan_vsftpd: not-affected (3.0.2-18ubuntu1)
focal_vsftpd: not-affected (3.0.2-18ubuntu1)
groovy_vsftpd: not-affected (3.0.2-18ubuntu1)
hirsute_vsftpd: not-affected (3.0.2-18ubuntu1)
impish_vsftpd: not-affected (3.0.2-18ubuntu1)
jammy_vsftpd: not-affected (3.0.2-18ubuntu1)
devel_vsftpd: not-affected (3.0.2-18ubuntu1)