CVE-2015-1419

NameCVE-2015-1419
DescriptionUnspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs776922

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
vsftpd (PTS)wheezy2.3.5-3vulnerable
jessie3.0.2-17+deb8u1fixed
stretch3.0.3-8fixed
buster, sid3.0.3-9fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
vsftpdsource(unstable)3.0.2-18unimportant776922
vsftpdsourcejessie3.0.2-17+deb8u1medium

Notes

http://seclists.org/oss-sec/2015/q1/389
Not a real security feature according the manpage and upstream
Search for package or bug name: Reporting problems