Conectiva Local Security Checks : Conectiva Security Advisory CLA-2002:450

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.51494

Kategorie: Conectiva Local Security Checks

Titel: Conectiva Security Advisory CLA-2002:450

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory CLA-2002:450.

ProFTPD is a highly configurable FTP daemon written from scratch for
Unix and Unix-like operating systems.

This advisory addresses two security problems:

1. ProFTPD was not forward resolving reverse-resolved hostnames. A
remote attacker could explore this vulnerability[1] to bypass ProFTPD
access control lists or have false information (client hostname)
logged. It was discovered by Matthew S. Hallacy
.

2. A DoS vulnerability[2] was found by Frank Denis. By sending a
malicious command to the server, a remote attacker could force the
process to consume all CPU and memory resources available to it.
Multiple attack instances could effectively bring the server down.

This update also fixes a Segmentation Fault problem, found[3] by
Mattias , which was further analyzed and
considered by the developers as not exploitable.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:450
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.51494
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2002:450
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2002:450. ProFTPD is a highly configurable FTP daemon written from scratch for Unix and Unix-like operating systems. This advisory addresses two security problems: 1. ProFTPD was not forward resolving reverse-resolved hostnames. A remote attacker could explore this vulnerability[1] to bypass ProFTPD access control lists or have false information (client hostname) logged. It was discovered by Matthew S. Hallacy . 2. A DoS vulnerability[2] was found by Frank Denis. By sending a malicious command to the server, a remote attacker could force the process to consume all CPU and memory resources available to it. Multiple attack instances could effectively bring the server down. This update also fixes a Segmentation Fault problem, found[3] by Mattias , which was further analyzed and considered by the developers as not exploitable. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:450 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com