Vulnerabilities > CVE-2015-1419 - Security Bypass vulnerability in vsftpd
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 | |
Application | 1 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_VSFTPD-150224.NASL description vsftpd has been updated to fix one security issue : - Config option deny_file was not handled correctly (bnc#915522, bnc#900326). (CVE-2015-1419) last seen 2020-06-01 modified 2020-06-02 plugin id 81641 published 2015-03-05 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81641 title SuSE 11.3 Security Update : vsftpd (SAT Patch Number 10372) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(81641); script_version("$Revision: 1.1 $"); script_cvs_date("$Date: 2015/03/05 14:26:23 $"); script_cve_id("CVE-2015-1419"); script_name(english:"SuSE 11.3 Security Update : vsftpd (SAT Patch Number 10372)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing a security update." ); script_set_attribute( attribute:"description", value: "vsftpd has been updated to fix one security issue : - Config option deny_file was not handled correctly (bnc#915522, bnc#900326). (CVE-2015-1419)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=900326" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=915522" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-1419.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 10372."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:vsftpd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3"); flag = 0; if (rpm_check(release:"SLES11", sp:3, reference:"vsftpd-2.0.7-4.29.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-197.NASL description vsftpd was updated to fix one security issue. This security issue was fixed : - CVE-2015-1419: vsftpd config option deny_file was not handled correctly (bnc#915522). Note: deny_file shouldn last seen 2020-06-05 modified 2015-03-05 plugin id 81623 published 2015-03-05 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81623 title openSUSE Security Update : vsftpd (openSUSE-2015-197) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-197. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(81623); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-1419"); script_name(english:"openSUSE Security Update : vsftpd (openSUSE-2015-197)"); script_summary(english:"Check for the openSUSE-2015-197 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "vsftpd was updated to fix one security issue. This security issue was fixed : - CVE-2015-1419: vsftpd config option deny_file was not handled correctly (bnc#915522). Note: deny_file shouldn't be used to restrict access, as stated in the documentation. Please use more reliable methods." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=900326" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=915522" ); script_set_attribute( attribute:"solution", value:"Update the affected vsftpd packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vsftpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vsftpd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vsftpd-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"vsftpd-3.0.2-10.12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"vsftpd-debuginfo-3.0.2-10.12.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"vsftpd-debugsource-3.0.2-10.12.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"vsftpd-3.0.2-14.9.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"vsftpd-debuginfo-3.0.2-14.9.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"vsftpd-debugsource-3.0.2-14.9.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vsftpd / vsftpd-debuginfo / vsftpd-debugsource"); }