{"schema_version":"1.7.2","id":"OESA-2025-2083","modified":"2025-08-29T11:17:59Z","published":"2025-08-29T11:17:59Z","upstream":["CVE-2024-57392"],"summary":"proftpd security update","details":"ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. %if 1 This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. %else This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by xinetd instead are included. %endif\r\n\r\nSecurity Fix(es):\n\nBuffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port.(CVE-2024-57392)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"proftpd","purl":"pkg:rpm/openEuler/proftpd&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.8b-4.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["proftpd-1.3.8b-4.oe2003sp4.aarch64.rpm","proftpd-debuginfo-1.3.8b-4.oe2003sp4.aarch64.rpm","proftpd-debugsource-1.3.8b-4.oe2003sp4.aarch64.rpm","proftpd-devel-1.3.8b-4.oe2003sp4.aarch64.rpm","proftpd-ldap-1.3.8b-4.oe2003sp4.aarch64.rpm","proftpd-mysql-1.3.8b-4.oe2003sp4.aarch64.rpm","proftpd-postgresql-1.3.8b-4.oe2003sp4.aarch64.rpm","proftpd-sqlite-1.3.8b-4.oe2003sp4.aarch64.rpm","proftpd-utils-1.3.8b-4.oe2003sp4.aarch64.rpm"],"src":["proftpd-1.3.8b-4.oe2003sp4.src.rpm"],"x86_64":["proftpd-1.3.8b-4.oe2003sp4.x86_64.rpm","proftpd-debuginfo-1.3.8b-4.oe2003sp4.x86_64.rpm","proftpd-debugsource-1.3.8b-4.oe2003sp4.x86_64.rpm","proftpd-devel-1.3.8b-4.oe2003sp4.x86_64.rpm","proftpd-ldap-1.3.8b-4.oe2003sp4.x86_64.rpm","proftpd-mysql-1.3.8b-4.oe2003sp4.x86_64.rpm","proftpd-postgresql-1.3.8b-4.oe2003sp4.x86_64.rpm","proftpd-sqlite-1.3.8b-4.oe2003sp4.x86_64.rpm","proftpd-utils-1.3.8b-4.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2083"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57392"}],"database_specific":{"severity":"High"}}