Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2017.0115
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2017-0115)
Zusammenfassung:	The remote host is missing an update for the 'proftpd' package(s) announced via the MGASA-2017-0115 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'proftpd' package(s) announced via the MGASA-2017-0115 advisory. Vulnerability Insight: ProFTPD before 1.3.5e controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user (CVE-2017-7418). Affected Software/OS: 'proftpd' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7418 BugTraq ID: 97409 http://www.securityfocus.com/bid/97409 SuSE Security Announcement: openSUSE-SU-2019:1836 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html SuSE Security Announcement: openSUSE-SU-2019:1870 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html SuSE Security Announcement: openSUSE-SU-2020:0031 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.