CVE-2019-19270
First published: Tue Nov 26 2019(Updated: )
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Proftpd Proftpd | <=1.3.5 | |
| Proftpd Proftpd | =1.3.6 | |
| Proftpd Proftpd | =1.3.6-alpha | |
| Proftpd Proftpd | =1.3.6-beta | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html
- https://github.com/proftpd/proftpd/issues/859
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGBBCPLJSDPFG5EI5P5G7P4KEX7YSD5G/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR65XUHPCRU3NXTSFVF2J4GWRIHC7AHW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGBBCPLJSDPFG5EI5P5G7P4KEX7YSD5G/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QR65XUHPCRU3NXTSFVF2J4GWRIHC7AHW/
Frequently Asked Questions
What is the severity of CVE-2019-19270?
The severity of CVE-2019-19270 is high with a severity value of 7.5.
How does CVE-2019-19270 impact ProFTPD?
CVE-2019-19270 impacts ProFTPD versions 1.3.5 and 1.3.6, potentially allowing clients with invalid certificates to be accepted.
How can I check if my ProFTPD version is affected by CVE-2019-19270?
You can check if your ProFTPD version is affected by CVE-2019-19270 by verifying if it is either 1.3.5 or 1.3.6.
What is the Common Weakness Enumeration (CWE) ID for CVE-2019-19270?
The Common Weakness Enumeration (CWE) ID for CVE-2019-19270 is CWE-295.
Are there any references available for CVE-2019-19270?
Yes, there are references available for CVE-2019-19270. You can find them at: [reference 1], [reference 2], [reference 3].
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/event
- agent/description
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/proftpd
- canonical/proftpd proftpd
- version/proftpd proftpd/1.3.5
- version/proftpd proftpd/1.3.6
- version/proftpd proftpd/1.3.6-alpha
- version/proftpd proftpd/1.3.6-beta
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31