ID de Prueba:	1.3.6.1.4.1.25623.1.0.831351
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for vsftpd MDVSA-2011:049 (vsftpd)
Resumen:	The remote host is missing an update for the 'vsftpd'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'vsftpd' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability was discovered and corrected in vsftpd: The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632 (CVE-2011-0762). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: vsftpd on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2632 http://www.securitytracker.com/id?1024975 http://secunia.com/advisories/42984 http://secunia.com/advisories/43433 http://secunia.com/advisories/55212 http://securityreason.com/achievement_securityalert/89 http://securityreason.com/achievement_securityalert/97 http://www.vupen.com/english/advisories/2011/0151 XForce ISS Database: solaris-ftp-dos(64798) https://exchange.xforce.ibmcloud.com/vulnerabilities/64798 Common Vulnerability Exposure (CVE) ID: CVE-2011-0762 BugTraq ID: 46617 http://www.securityfocus.com/bid/46617 Bugtraq: 20110301 vsftpd 2.3.2 remote denial-of-service (Google Search) http://www.securityfocus.com/archive/1/516748/100/0/threaded CERT/CC vulnerability note: VU#590604 http://www.kb.cert.org/vuls/id/590604 Debian Security Information: DSA-2305 (Google Search) http://www.debian.org/security/2011/dsa-2305 http://www.exploit-db.com/exploits/16270 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html HPdes Security Advisory: HPSBMU02752 http://marc.info/?l=bugtraq&m=133226187115472&w=2 HPdes Security Advisory: SSRT100802 http://jvn.jp/en/jp/JVN37417423/index.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:049 http://cxib.net/stuff/vspoc232.c http://www.redhat.com/support/errata/RHSA-2011-0337.html http://www.securitytracker.com/id?1025186 http://securityreason.com/securityalert/8109 http://securityreason.com/achievement_securityalert/95 SuSE Security Announcement: SUSE-SR:2011:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://www.ubuntu.com/usn/USN-1098-1 http://www.vupen.com/english/advisories/2011/0547 http://www.vupen.com/english/advisories/2011/0639 http://www.vupen.com/english/advisories/2011/0668 http://www.vupen.com/english/advisories/2011/0713 XForce ISS Database: vsftpd-vsffilenamepassesfilter-dos(65873) https://exchange.xforce.ibmcloud.com/vulnerabilities/65873
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.