Test ID: 1.3.6.1.4.1.25623.1.0.69247
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2011:049 (vsftpd)
Summary: NOSUMMARY
Description:
The remote host is missing an update to vsftpd
announced via advisory MDVSA-2011:049.

A vulnerability was discovered and corrected in vsftpd:

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3
allows remote authenticated users to cause a denial of service (CPU
consumption and process slot exhaustion) via crafted glob expressions
in STAT commands in multiple FTP sessions, a different vulnerability
than CVE-2010-2632 (CVE-2011-0762).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2010.0, 2010.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:049

Risk factor : High

CVSS Score: 7.8

Cross-Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2010-2632
http://www.securitytracker.com/id?1024975
http://secunia.com/advisories/42984
http://secunia.com/advisories/43433
http://secunia.com/advisories/55212
http://securityreason.com/achievement_securityalert/89
http://securityreason.com/achievement_securityalert/97
http://www.vupen.com/english/advisories/2011/0151
XForce ISS Database: solaris-ftp-dos(64798)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64798
Common Vulnerability Exposure (CVE) ID: CVE-2011-0762
BugTraq ID: 46617
http://www.securityfocus.com/bid/46617
Bugtraq: 20110301 vsftpd 2.3.2 remote denial-of-service
http://www.securityfocus.com/archive/1/516748/100/0/threaded
CERT/CC vulnerability note: VU#590604
http://www.kb.cert.org/vuls/id/590604
Debian Security Information: DSA-2305
http://www.debian.org/security/2011/dsa-2305
http://www.exploit-db.com/exploits/16270
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html
HPdes Security Advisory: HPSBMU02752
http://marc.info/?l=bugtraq&m=133226187115472&w=2
HPdes Security Advisory: SSRT100802
http://jvn.jp/en/jp/JVN37417423/index.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:049
http://cxib.net/stuff/vspoc232.c
http://www.redhat.com/support/errata/RHSA-2011-0337.html
http://www.securitytracker.com/id?1025186
http://securityreason.com/securityalert/8109
http://securityreason.com/achievement_securityalert/95
SuSE Security Announcement: SUSE-SR:2011:009
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.ubuntu.com/usn/USN-1098-1
http://www.vupen.com/english/advisories/2011/0547
http://www.vupen.com/english/advisories/2011/0639
http://www.vupen.com/english/advisories/2011/0668
http://www.vupen.com/english/advisories/2011/0713
XForce ISS Database: vsftpd-vsffilenamepassesfilter-dos(65873)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65873
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
