Conectiva Local Security Checks : Conectiva Security Advisory CLA-2003:750

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51465

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2003:750

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2003:750.

ProFTPD is a highly configurable FTP daemon written from scratch for
Unix and Unix-like operating systems.

ISS X-Force has discovered a vulnerability[1] in the way proftpd
(versions >= 1.2.7) handles incoming ASCII file transfers. An
attacker who is able to upload and download the same file can exploit
this vulnerability to execute arbitrary code with root privileges.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2003-0831 to this issue[2].

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://xforce.iss.net/xforce/alerts/id/154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0831
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:750
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : Critical

CVSS Score:
9.0

Referencia Cruzada: BugTraq ID: 8679
Common Vulnerability Exposure (CVE) ID: CVE-2003-0831
Bugtraq: 20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02) (Google Search)
http://marc.info/?l=bugtraq&m=106441655617816&w=2
Bugtraq: 20031013 Remote root exploit for proftpd \n bug (Google Search)
http://marc.info/?l=bugtraq&m=106606885611269&w=2
CERT/CC vulnerability note: VU#405348
http://www.kb.cert.org/vuls/id/405348
https://www.exploit-db.com/exploits/107/
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html
ISS Security Advisory: 20030923 ProFTPD ASCII File Remote Compromise Vulnerability
http://xforce.iss.net/xforce/alerts/id/154
http://www.mandriva.com/security/advisories?name=MDKSA-2003:095
http://secunia.com/advisories/9829
XForce ISS Database: proftpd-ascii-xfer-newline-bo(12200)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12200

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51465
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:750
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:750. ProFTPD is a highly configurable FTP daemon written from scratch for Unix and Unix-like operating systems. ISS X-Force has discovered a vulnerability[1] in the way proftpd (versions >= 1.2.7) handles incoming ASCII file transfers. An attacker who is able to upload and download the same file can exploit this vulnerability to execute arbitrary code with root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0831 to this issue[2]. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://xforce.iss.net/xforce/alerts/id/154 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0831 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:750 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Critical CVSS Score: 9.0
Referencia Cruzada:	BugTraq ID: 8679 Common Vulnerability Exposure (CVE) ID: CVE-2003-0831 Bugtraq: 20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02) (Google Search) http://marc.info/?l=bugtraq&m=106441655617816&w=2 Bugtraq: 20031013 Remote root exploit for proftpd \n bug (Google Search) http://marc.info/?l=bugtraq&m=106606885611269&w=2 CERT/CC vulnerability note: VU#405348 http://www.kb.cert.org/vuls/id/405348 https://www.exploit-db.com/exploits/107/ http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html ISS Security Advisory: 20030923 ProFTPD ASCII File Remote Compromise Vulnerability http://xforce.iss.net/xforce/alerts/id/154 http://www.mandriva.com/security/advisories?name=MDKSA-2003:095 http://secunia.com/advisories/9829 XForce ISS Database: proftpd-ascii-xfer-newline-bo(12200) https://exchange.xforce.ibmcloud.com/vulnerabilities/12200
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com