Test Kennung:	1.3.6.1.4.1.25623.1.0.57742
Kategorie:	Trustix Local Security Checks
Titel:	Trustix Security Advisory TSLSA-2006-0074 (kernel, proftpd)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory TSLSA-2006-0074. kernel < TSL 3.0 > - New upstream. - SECURITY FIX: A vulnerability has been identified which could be exploited by malicious users to bypass security restrictions. This issue is due to an error in the do_coredump() [fs/exec.c] function where the flag variable is set but never used, which could be exploited by attackers to manipulate certain files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304 to this issue. proftpd < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: Alfredo Ortega has reported a vulnerability in the mod_ctrls module for ProFTPD, caused due to a boundary error within the pr_ctrls_recv_request() function in src/ctrls.c. This can be exploited to cause a buffer overflow by sending specially crafted control messages to the module. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-6563 to this issue. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0074 Risk factor : High CVSS Score: 7.5
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6304 BugTraq ID: 21591 http://www.securityfocus.com/bid/21591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10797 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7446 RedHat Security Advisories: RHSA-2010:0046 https://rhn.redhat.com/errata/RHSA-2010-0046.html RedHat Security Advisories: RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html http://secunia.com/advisories/23349 http://www.trustix.org/errata/2006/0074/ http://www.vupen.com/english/advisories/2006/5002 Common Vulnerability Exposure (CVE) ID: CVE-2006-6563 BugTraq ID: 21587 http://www.securityfocus.com/bid/21587 Bugtraq: 20061213 CORE-2006-1127: ProFTPD Controls Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/454320/100/0/threaded Bugtraq: 20070219 ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit (Google Search) http://www.securityfocus.com/archive/1/460648/100/0/threaded Bugtraq: 20070221 Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit (Google Search) http://www.securityfocus.com/archive/1/460756/100/0/threaded https://www.exploit-db.com/exploits/3330 http://security.gentoo.org/glsa/glsa-200702-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:232 http://www.coresecurity.com/?module=ContentMod&action=item&id=1594 http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.039.html http://secunia.com/advisories/23371 http://secunia.com/advisories/23392 http://secunia.com/advisories/23473 http://secunia.com/advisories/24163 http://www.vupen.com/english/advisories/2006/4998 XForce ISS Database: proftpd-controls-bo(30906) https://exchange.xforce.ibmcloud.com/vulnerabilities/30906
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.