Test ID: | 1.3.6.1.4.1.25623.1.0.100316 |
Category: | FTP |
Title: | ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability |
Summary: | ProFTPD is prone to a security bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. |
Description: | Summary: ProFTPD is prone to a security bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.
Vulnerability Impact: Successful exploits allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
Affected Software/OS: Versions prior to ProFTPD 1.3.2b and 1.3.3 to 1.3.3.rc1 are vulnerable.
Solution: Updates are available. Please see the references for details.
CVSS Score: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-3639
36804 http://www.securityfocus.com/bid/36804
37131 http://secunia.com/advisories/37131
37219 http://secunia.com/advisories/37219
DSA-1925 http://www.debian.org/security/2009/dsa-1925
FEDORA-2009-11649 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00642.html
FEDORA-2009-11666 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00649.html
MDVSA-2009:288 http://www.mandriva.com/security/advisories?name=MDVSA-2009:288
[oss-security] 20091023 Re: proftpd - mod_tls - Improper SSL/TLS certificate subjectAltName verification http://marc.info/?l=oss-security&m=125632960508211&w=2
[oss-security] 20091023 proftpd - mod_tls - Improper SSL/TLS certificate subjectAltName verification http://marc.info/?l=oss-security&m=125630966510672&w=2
http://bugs.proftpd.org/show_bug.cgi?id=3275
https://bugzilla.redhat.com/show_bug.cgi?id=530719
proftpd-modtls-security-bypass(53936) https://exchange.xforce.ibmcloud.com/vulnerabilities/53936 |
Copyright | Copyright (C) 2009 Greenbone AG |