Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58408
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDKSA-2007:130 (proftpd)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to proftpd
announced via advisory MDKSA-2007:130.

The Auth API in ProFTPD, when multiple simultaneous authentication
modules are configured, did not require that the module that checks
authentication is the same module that retrieves authentication data,
which could possibly be used to allow remote attackers to bypass
authentication.

The updated packages have been patched to prevent this issue. As well,
this update provides proper PAM configuration files for ProFTPD
on Corporate Server 4 that had prevented any mod_auth_pam-based
connections from succeeding authentication.

As well, ProFTPD 1.3.0 is being provided for Corporate 3 and Corporate
Server 4.

Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:130

Risk factor : High

CVSS Score:
5.1

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-2165
BugTraq ID: 23546
http://www.securityfocus.com/bid/23546
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:130
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255
http://osvdb.org/34602
http://securitytracker.com/id?1017931
http://secunia.com/advisories/24867
http://secunia.com/advisories/25724
http://secunia.com/advisories/27516
http://www.vupen.com/english/advisories/2007/1444
XForce ISS Database: proftpd-authapi-security-bypass(33733)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33733
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.