Test Kennung:	1.3.6.1.4.1.25623.1.0.900133
Kategorie:	FTP
Titel:	ProFTPD Long Command Handling Security Vulnerability
Zusammenfassung:	ProFTPD Server is prone to a cross-site request forgery (CSRF) vulnerability.
Beschreibung:	Summary: ProFTPD Server is prone to a cross-site request forgery (CSRF) vulnerability. Vulnerability Insight: The flaw exists due to the application truncating an overly long FTP command, and improperly interpreting the remainder string as a new FTP command. Vulnerability Impact: This can be exploited to execute arbitrary FTP commands on another user's session privileges. Affected Software/OS: ProFTPD Server version prior 1.3.2rc3. Solution: Upgrade to the latest version 1.3.2rc3. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4242 BugTraq ID: 31289 http://www.securityfocus.com/bid/31289 Debian Security Information: DSA-1689 (Google Search) http://www.debian.org/security/2008/dsa-1689 https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:061 http://www.securitytracker.com/id?1020945 http://secunia.com/advisories/31930 http://secunia.com/advisories/33261 http://secunia.com/advisories/33413 http://securityreason.com/securityalert/4313 http://securityreason.com/achievement_securityalert/56 XForce ISS Database: proftpd-url-csrf(45274) https://exchange.xforce.ibmcloud.com/vulnerabilities/45274
Copyright	Copyright (C) 2008 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.