Test Kennung:	1.3.6.1.4.1.25623.1.0.11450
Kategorie:	FTP
Titel:	Debian proftpd 1.2.0 runs as root
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The following problems have been reported for the version of proftpd in Debian 2.2 (potato): 1. There is a configuration error in the postinst script, when the user enters 'yes', when asked if anonymous access should be enabled. The postinst script wrongly leaves the 'run as uid/gid root' configuration option in /etc/proftpd.conf, and adds a 'run as uid/gid nobody' option that has no effect. 2. There is a bug that comes up when /var is a symlink, and proftpd is restarted. When stopping proftpd, the /var symlink is removed when it's started again a file named /var is created. See also : http://www.debian.org/security/2001/dsa-032 Solution : Upgrade your proftpd server to proftpd-1.2.0pre10-2.0potato1 Risk factor : Medium
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2001-0456 Debian Security Information: DSA-032 (Google Search) http://www.debian.org/security/2001/dsa-032 XForce ISS Database: proftpd-postinst-root(6208) https://exchange.xforce.ibmcloud.com/vulnerabilities/6208
Copyright	This script is Copyright (C) 2003 Renaud Deraison

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.