Slackware Local Security Checks : Slackware: Security Advisory (SSA:2010-305-03)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68466

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2010-305-03)

Resumen: The remote host is missing an update for the 'proftpd' package(s) announced via the SSA:2010-305-03 advisory.

Descripción: Summary:
The remote host is missing an update for the 'proftpd' package(s) announced via the SSA:2010-305-03 advisory.

Vulnerability Insight:
New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,
13.1, and -current to a fix security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/proftpd-1.3.3c-i486-1_slack13.1.txz: Upgraded.
Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925), which can
allow remote execution of arbitrary code as the user running the
ProFTPD daemon. Thanks to TippingPoint and the Zero Day Initiative (ZDI).
For more information, see:
[link moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'proftpd' package(s) on Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware 13.1, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:H/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3867
42047
http://secunia.com/advisories/42047
42052
http://secunia.com/advisories/42052
42217
http://secunia.com/advisories/42217
44562
http://www.securityfocus.com/bid/44562
ADV-2010-2853
http://www.vupen.com/english/advisories/2010/2853
ADV-2010-2941
http://www.vupen.com/english/advisories/2010/2941
ADV-2010-2959
http://www.vupen.com/english/advisories/2010/2959
ADV-2010-2962
http://www.vupen.com/english/advisories/2010/2962
DSA-2191
http://www.debian.org/security/2011/dsa-2191
FEDORA-2010-17091
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050687.html
FEDORA-2010-17098
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050703.html
FEDORA-2010-17220
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050726.html
MDVSA-2010:227
http://www.mandriva.com/security/advisories?name=MDVSA-2010:227
SSA:2010-305-03
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.498209
[oss-security] 20101101 Re: Proftpd pre-authentication buffer overflow in Telnet code
http://www.openwall.com/lists/oss-security/2010/11/01/4
http://bugs.proftpd.org/show_bug.cgi?id=3519
http://www.proftpd.org/docs/NEWS-1.3.3c

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68466
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2010-305-03)
Resumen:	The remote host is missing an update for the 'proftpd' package(s) announced via the SSA:2010-305-03 advisory.
Descripción:	Summary: The remote host is missing an update for the 'proftpd' package(s) announced via the SSA:2010-305-03 advisory. Vulnerability Insight: New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to a fix security issue. Here are the details from the Slackware 13.1 ChangeLog: +--------------------------+ patches/packages/proftpd-1.3.3c-i486-1_slack13.1.txz: Upgraded. Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925), which can allow remote execution of arbitrary code as the user running the ProFTPD daemon. Thanks to TippingPoint and the Zero Day Initiative (ZDI). For more information, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'proftpd' package(s) on Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware 13.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3867 42047 http://secunia.com/advisories/42047 42052 http://secunia.com/advisories/42052 42217 http://secunia.com/advisories/42217 44562 http://www.securityfocus.com/bid/44562 ADV-2010-2853 http://www.vupen.com/english/advisories/2010/2853 ADV-2010-2941 http://www.vupen.com/english/advisories/2010/2941 ADV-2010-2959 http://www.vupen.com/english/advisories/2010/2959 ADV-2010-2962 http://www.vupen.com/english/advisories/2010/2962 DSA-2191 http://www.debian.org/security/2011/dsa-2191 FEDORA-2010-17091 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050687.html FEDORA-2010-17098 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050703.html FEDORA-2010-17220 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050726.html MDVSA-2010:227 http://www.mandriva.com/security/advisories?name=MDVSA-2010:227 SSA:2010-305-03 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.498209 [oss-security] 20101101 Re: Proftpd pre-authentication buffer overflow in Telnet code http://www.openwall.com/lists/oss-security/2010/11/01/4 http://bugs.proftpd.org/show_bug.cgi?id=3519 http://www.proftpd.org/docs/NEWS-1.3.3c
Copyright	Copyright (C) 2012 Greenbone AG