Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.58408
Categoría:Mandrake Local Security Checks
Título:Mandrake Security Advisory MDKSA-2007:130 (proftpd)
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing an update to proftpd
announced via advisory MDKSA-2007:130.

The Auth API in ProFTPD, when multiple simultaneous authentication
modules are configured, did not require that the module that checks
authentication is the same module that retrieves authentication data,
which could possibly be used to allow remote attackers to bypass
authentication.

The updated packages have been patched to prevent this issue. As well,
this update provides proper PAM configuration files for ProFTPD
on Corporate Server 4 that had prevented any mod_auth_pam-based
connections from succeeding authentication.

As well, ProFTPD 1.3.0 is being provided for Corporate 3 and Corporate
Server 4.

Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:130

Risk factor : High

CVSS Score:
5.1

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-2165
BugTraq ID: 23546
http://www.securityfocus.com/bid/23546
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:130
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255
http://osvdb.org/34602
http://securitytracker.com/id?1017931
http://secunia.com/advisories/24867
http://secunia.com/advisories/25724
http://secunia.com/advisories/27516
http://www.vupen.com/english/advisories/2007/1444
XForce ISS Database: proftpd-authapi-security-bypass(33733)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33733
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.