Common Vulnerabilities and Exposures assigned an identifier CVE-2015-1419 to the following vulnerability: Name: CVE-2015-1419 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1419 Assigned: 20150127 Reference: http://secunia.com/advisories/62415 Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
Created vsftpd tracking bugs for this issue: Affects: fedora-all [bug 1187043]
As per the vsftpd.conf man page: "This option is very simple, and should not be used for serious access control - the filesystem's permissions should be used in preference. However, this option may be useful in certain virtual user setups. In particular aware that if a filename is accessible by a variety of names (perhaps due to symbolic links or hard links), then care must be taken to deny access to all the names." The man page advices users to exercise caution when using the deny_file option and mentions that filesystem permissions should be preferred. Based on the above documentation, Red Hat Product Security Team, does not consider this issue as a security flaw.
Statement: Red Hat Product Security determined that this flaw was not a security vulnerability. See the Bugzilla link for more details.