Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0128)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2020.0128

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2020-0128)

Zusammenfassung: The remote host is missing an update for the 'pure-ftpd' package(s) announced via the MGASA-2020-0128 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'pure-ftpd' package(s) announced via the MGASA-2020-0128 advisory.

Vulnerability Insight:
Updated pure-ftpd packages fix security vulnerabilities:

An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer
vulnerability has been detected in the diraliases linked list. When the
*lookup_alias(const char alias) or print_aliases(void) function is called,
they fail to correctly detect the end of the linked list and try to access
a non-existent list member. This is related to init_aliases in diraliases.c.
(CVE-2019-9274).

An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has
been detected in the pure_strcmp function in utils.c (CVE-2019-9365).

In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir
function in ls.c (CVE-2019-20176).

Affected Software/OS:
'pure-ftpd' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-20176
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/
https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
Common Vulnerability Exposure (CVE) ID: CVE-2019-9274
https://source.android.com/security/bulletin/pixel/2019-09-01
Common Vulnerability Exposure (CVE) ID: CVE-2019-9365
https://source.android.com/security/bulletin/android-10

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2020.0128
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2020-0128)
Zusammenfassung:	The remote host is missing an update for the 'pure-ftpd' package(s) announced via the MGASA-2020-0128 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'pure-ftpd' package(s) announced via the MGASA-2020-0128 advisory. Vulnerability Insight: Updated pure-ftpd packages fix security vulnerabilities: An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. (CVE-2019-9274). An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c (CVE-2019-9365). In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c (CVE-2019-20176). Affected Software/OS: 'pure-ftpd' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-20176 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/ https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706 Common Vulnerability Exposure (CVE) ID: CVE-2019-9274 https://source.android.com/security/bulletin/pixel/2019-09-01 Common Vulnerability Exposure (CVE) ID: CVE-2019-9365 https://source.android.com/security/bulletin/android-10
Copyright	Copyright (C) 2022 Greenbone AG