Conectiva Local Security Checks : Conectiva Security Advisory CLA-2002:450

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51494

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2002:450

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2002:450.

ProFTPD is a highly configurable FTP daemon written from scratch for
Unix and Unix-like operating systems.

This advisory addresses two security problems:

1. ProFTPD was not forward resolving reverse-resolved hostnames. A
remote attacker could explore this vulnerability[1] to bypass ProFTPD
access control lists or have false information (client hostname)
logged. It was discovered by Matthew S. Hallacy
.

2. A DoS vulnerability[2] was found by Frank Denis. By sending a
malicious command to the server, a remote attacker could force the
process to consume all CPU and memory resources available to it.
Multiple attack instances could effectively bring the server down.

This update also fixes a Segmentation Fault problem, found[3] by
Mattias , which was further analyzed and
considered by the developers as not exploitable.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:450
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51494
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2002:450
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2002:450. ProFTPD is a highly configurable FTP daemon written from scratch for Unix and Unix-like operating systems. This advisory addresses two security problems: 1. ProFTPD was not forward resolving reverse-resolved hostnames. A remote attacker could explore this vulnerability[1] to bypass ProFTPD access control lists or have false information (client hostname) logged. It was discovered by Matthew S. Hallacy . 2. A DoS vulnerability[2] was found by Frank Denis. By sending a malicious command to the server, a remote attacker could force the process to consume all CPU and memory resources available to it. Multiple attack instances could effectively bring the server down. This update also fixes a Segmentation Fault problem, found[3] by Mattias , which was further analyzed and considered by the developers as not exploitable. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:450 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com