Mandrake Local Security Checks : Mandriva Update for proftpd MDVSA-2011:023 (proftpd)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831323

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for proftpd MDVSA-2011:023 (proftpd)

Resumen: The remote host is missing an update for the 'proftpd'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'proftpd'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability has been found and corrected in proftpd:

Heap-based buffer overflow in the sql_prepare_where function
(contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled,
allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a crafted username containing
substitution tags, which are not properly handled during construction
of an SQL query (CVE-2010-4652).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct this issue.

Affected Software/OS:
proftpd on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4652
44933
http://www.securityfocus.com/bid/44933
ADV-2011-0248
http://www.vupen.com/english/advisories/2011/0248
ADV-2011-0331
http://www.vupen.com/english/advisories/2011/0331
DSA-2191
http://www.debian.org/security/2011/dsa-2191
FEDORA-2011-0610
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053540.html
FEDORA-2011-0613
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053537.html
MDVSA-2011:023
http://www.mandriva.com/security/advisories?name=MDVSA-2011:023
http://bugs.proftpd.org/show_bug.cgi?id=3536
http://phrack.org/issues.html?issue=67&id=7#article
http://proftpd.org/docs/RELEASE_NOTES-1.3.3d
https://bugzilla.redhat.com/show_bug.cgi?id=670170

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831323
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for proftpd MDVSA-2011:023 (proftpd)
Resumen:	The remote host is missing an update for the 'proftpd'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'proftpd' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been found and corrected in proftpd: Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query (CVE-2010-4652). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: proftpd on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4652 44933 http://www.securityfocus.com/bid/44933 ADV-2011-0248 http://www.vupen.com/english/advisories/2011/0248 ADV-2011-0331 http://www.vupen.com/english/advisories/2011/0331 DSA-2191 http://www.debian.org/security/2011/dsa-2191 FEDORA-2011-0610 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053540.html FEDORA-2011-0613 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053537.html MDVSA-2011:023 http://www.mandriva.com/security/advisories?name=MDVSA-2011:023 http://bugs.proftpd.org/show_bug.cgi?id=3536 http://phrack.org/issues.html?issue=67&id=7#article http://proftpd.org/docs/RELEASE_NOTES-1.3.3d https://bugzilla.redhat.com/show_bug.cgi?id=670170
Copyright	Copyright (C) 2011 Greenbone AG