FTP : ProFTPD Multiple Remote Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801639

Categoría: FTP

Título: ProFTPD Multiple Remote Vulnerabilities

Resumen: ProFTPD is prone to multiple vulnerabilities.

Descripción: Summary:
ProFTPD is prone to multiple vulnerabilities.

Vulnerability Insight:
- An input validation error within the 'mod_site_misc' module can be exploited
to create and delete directories, create symlinks, and change the time of
files located outside a writable directory.

- A logic error within the 'pr_netio_telnet_gets()' function in 'src/netio.c'
when processing user input containing the Telnet IAC escape sequence can be
exploited to cause a stack-based buffer overflow by sending specially
crafted input to the FTP or FTPS service.

Vulnerability Impact:
Successful exploitation may allow execution of arbitrary code or cause a
denial-of-service.

Affected Software/OS:
ProFTPD versions prior to 1.3.3c

Solution:
Upgrade to ProFTPD version 1.3.3c or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3867
42047
http://secunia.com/advisories/42047
42052
http://secunia.com/advisories/42052
42217
http://secunia.com/advisories/42217
44562
http://www.securityfocus.com/bid/44562
ADV-2010-2853
http://www.vupen.com/english/advisories/2010/2853
ADV-2010-2941
http://www.vupen.com/english/advisories/2010/2941
ADV-2010-2959
http://www.vupen.com/english/advisories/2010/2959
ADV-2010-2962
http://www.vupen.com/english/advisories/2010/2962
DSA-2191
http://www.debian.org/security/2011/dsa-2191
FEDORA-2010-17091
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050687.html
FEDORA-2010-17098
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050703.html
FEDORA-2010-17220
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050726.html
MDVSA-2010:227
http://www.mandriva.com/security/advisories?name=MDVSA-2010:227
SSA:2010-305-03
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.498209
[oss-security] 20101101 Re: Proftpd pre-authentication buffer overflow in Telnet code
http://www.openwall.com/lists/oss-security/2010/11/01/4
http://bugs.proftpd.org/show_bug.cgi?id=3519
http://www.proftpd.org/docs/NEWS-1.3.3c
Common Vulnerability Exposure (CVE) ID: CVE-2010-4221
BugTraq ID: 44562
http://www.zerodayinitiative.com/advisories/ZDI-10-229/

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801639
Categoría:	FTP
Título:	ProFTPD Multiple Remote Vulnerabilities
Resumen:	ProFTPD is prone to multiple vulnerabilities.
Descripción:	Summary: ProFTPD is prone to multiple vulnerabilities. Vulnerability Insight: - An input validation error within the 'mod_site_misc' module can be exploited to create and delete directories, create symlinks, and change the time of files located outside a writable directory. - A logic error within the 'pr_netio_telnet_gets()' function in 'src/netio.c' when processing user input containing the Telnet IAC escape sequence can be exploited to cause a stack-based buffer overflow by sending specially crafted input to the FTP or FTPS service. Vulnerability Impact: Successful exploitation may allow execution of arbitrary code or cause a denial-of-service. Affected Software/OS: ProFTPD versions prior to 1.3.3c Solution: Upgrade to ProFTPD version 1.3.3c or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3867 42047 http://secunia.com/advisories/42047 42052 http://secunia.com/advisories/42052 42217 http://secunia.com/advisories/42217 44562 http://www.securityfocus.com/bid/44562 ADV-2010-2853 http://www.vupen.com/english/advisories/2010/2853 ADV-2010-2941 http://www.vupen.com/english/advisories/2010/2941 ADV-2010-2959 http://www.vupen.com/english/advisories/2010/2959 ADV-2010-2962 http://www.vupen.com/english/advisories/2010/2962 DSA-2191 http://www.debian.org/security/2011/dsa-2191 FEDORA-2010-17091 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050687.html FEDORA-2010-17098 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050703.html FEDORA-2010-17220 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050726.html MDVSA-2010:227 http://www.mandriva.com/security/advisories?name=MDVSA-2010:227 SSA:2010-305-03 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.498209 [oss-security] 20101101 Re: Proftpd pre-authentication buffer overflow in Telnet code http://www.openwall.com/lists/oss-security/2010/11/01/4 http://bugs.proftpd.org/show_bug.cgi?id=3519 http://www.proftpd.org/docs/NEWS-1.3.3c Common Vulnerability Exposure (CVE) ID: CVE-2010-4221 BugTraq ID: 44562 http://www.zerodayinitiative.com/advisories/ZDI-10-229/
Copyright	Copyright (C) 2010 Greenbone AG