SB2025032665 - SUSE update for proftpd 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025032665

SB2025032665 - SUSE update for proftpd

Published: March 26, 2025

Security Bulletin ID SB2025032665
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper privilege management (CVE-ID: CVE-2024-48651)

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to improper privilege management when handling users without assigned supplementary groups. If the user has no groups assigned to their account, the server will assume the GID of 0 for this account. As a result, the user will gain access to files and directories owned by the system root user and will be able to modify them at will, leading to privilege escalation and system compromise.


2) NULL pointer dereference (CVE-ID: CVE-2024-57392)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote authenticated user can pass specially crafted data to the application and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References