Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.58408
Kategorie:Mandrake Local Security Checks
Titel:Mandrake Security Advisory MDKSA-2007:130 (proftpd)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to proftpd
announced via advisory MDKSA-2007:130.

The Auth API in ProFTPD, when multiple simultaneous authentication
modules are configured, did not require that the module that checks
authentication is the same module that retrieves authentication data,
which could possibly be used to allow remote attackers to bypass
authentication.

The updated packages have been patched to prevent this issue. As well,
this update provides proper PAM configuration files for ProFTPD
on Corporate Server 4 that had prevented any mod_auth_pam-based
connections from succeeding authentication.

As well, ProFTPD 1.3.0 is being provided for Corporate 3 and Corporate
Server 4.

Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:130

Risk factor : High

CVSS Score:
5.1

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2007-2165
BugTraq ID: 23546
http://www.securityfocus.com/bid/23546
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:130
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255
http://osvdb.org/34602
http://securitytracker.com/id?1017931
http://secunia.com/advisories/24867
http://secunia.com/advisories/25724
http://secunia.com/advisories/27516
http://www.vupen.com/english/advisories/2007/1444
XForce ISS Database: proftpd-authapi-security-bypass(33733)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33733
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.