FreeBSD Local Security Checks : FreeBSD Ports: wu-ftpd

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52493

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: wu-ftpd

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

wu-ftpd
wu-ftpd+ipv6

CVE-2004-0148
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled,
allows local users to bypass access restrictions by changing the
permissions to prevent access to their home directory, which causes
wu-ftpd to use the root directory instead.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0148
BugTraq ID: 9832
http://www.securityfocus.com/bid/9832
Debian Security Information: DSA-457 (Google Search)
http://www.debian.org/security/2004/dsa-457
http://www.frsirt.com/english/advisories/2006/1867
HPdes Security Advisory: SSRT4704
http://marc.info/?l=bugtraq&m=108999466902690&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648
http://www.redhat.com/support/errata/RHSA-2004-096.html
SCO Security Bulletin: SCOSA-2005.6
http://secunia.com/advisories/11055
http://secunia.com/advisories/20168
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1
XForce ISS Database: wuftpd-restrictedgid-gain-access(15423)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15423

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52493
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: wu-ftpd
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: wu-ftpd wu-ftpd+ipv6 CVE-2004-0148 wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0148 BugTraq ID: 9832 http://www.securityfocus.com/bid/9832 Debian Security Information: DSA-457 (Google Search) http://www.debian.org/security/2004/dsa-457 http://www.frsirt.com/english/advisories/2006/1867 HPdes Security Advisory: SSRT4704 http://marc.info/?l=bugtraq&m=108999466902690&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648 http://www.redhat.com/support/errata/RHSA-2004-096.html SCO Security Bulletin: SCOSA-2005.6 http://secunia.com/advisories/11055 http://secunia.com/advisories/20168 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1 XForce ISS Database: wuftpd-restrictedgid-gain-access(15423) https://exchange.xforce.ibmcloud.com/vulnerabilities/15423
Copyright	Copyright (C) 2008 E-Soft Inc.