ProFTPD AllowChrootSymlinks Configuration Option Bypass Vulnerability
A vulnerability in ProFTPD could allow a local attacker to bypass security restrictions on a targeted system.
The vulnerability exists because the affected software, when using the AllowChrootSymlinks off configuration option, checks only if the last component of the path is a symbolic link (symlink) instead of checking the entire DefaultRoot path for symlinks. An attacker could exploit this vulnerability to bypass the AllowChrootSymlinks control by replacing a path component other than the last component in the path with a symlink. A successful exploit could be used to conduct further attacks.
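The difference between a last-component check and a whole-path check, shown as an added example (not ProFTPD's code or its fix). The function names, the /tmp/chrootsym.XXXXXX sample tree and the sample path are assumptions constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flawed shape: lstat() follows symlinks in every earlier component, so only the last is tested. */
int last_component_is_symlink(const char *path)
{
    struct stat st;
    return lstat(path, &st) != 0 ? -1 : S_ISLNK(st.st_mode) != 0;
}

/* Whole-path check on an absolute path: 1 = some component is a symlink, 0 = none, -1 = error. */
int any_component_is_symlink(const char *path)
{
    char prefix[PATH_MAX];
    struct stat st;
    if (path[0] != '/' || strlen(path) >= sizeof prefix) return -1;
    for (size_t i = 1; path[i - 1] != '\0'; i++) {
        /* Skip positions that are not a component boundary, and empty components. */
        if ((path[i] != '/' && path[i] != '\0') || path[i - 1] == '/') continue;
        snprintf(prefix, sizeof prefix, "%.*s", (int)i, path);
        if (lstat(prefix, &st) != 0) return -1;
        if (S_ISLNK(st.st_mode)) return 1;
    }
    return 0;
}

/* Constructed sample tree: <tmp>/link -> real, with directory "root" created beneath it. */
const char *make_demo_path(void)
{
    static char out[PATH_MAX];
    char base[] = "/tmp/chrootsym.XXXXXX", real[64], lnk[64];
    if (!mkdtemp(base)) return NULL;
    snprintf(real, sizeof real, "%s/real", base);
    snprintf(lnk, sizeof lnk, "%s/link", base);
    snprintf(out, sizeof out, "%s/link/root", base);
    if (mkdir(real, 0700) || symlink("real", lnk) || mkdir(out, 0700)) return NULL;
    return out;
}

int main(void)
{
    const char *p = make_demo_path();
    if (p) printf("last-only=%d whole-path=%d\n", last_component_is_symlink(p), any_component_is_symlink(p));
    return p ? 0 : 1;
}
```

A path check like this is only a point-in-time audit: a component can be replaced between the check and its use, so it does not substitute for applying the vendor's update.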
ProFTPD has confirmed the vulnerability and released software updates.
Security Impact Rating: Medium