Test ID:	1.3.6.1.4.1.25623.1.0.57657
Category:	Trustix Local Security Checks
Title:	Trustix Security Advisory TSLSA-2006-0066 (openldap, proftpd)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory TSLSA-2006-0066. openldap < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: Evgeny Legerov has reported a vulnerability in OpenLDAP, caused due to an error when processing certain BIND requests. This can be exploited to cause a crash by sending specially crafted BIND requests to an OpenLDAP server. The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-5779 to this issue. proftpd < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: Evgeny Legerov has reported a vulnerability in ProFTPD, caused due to a buffer overflow error in the main.c file where the cmd_buf_size size of the buffer used to handle FTP commands sent by clients is not properly set to the size configured via the CommandBufferSize directive. This can be exploited by malicious people to compromise a vulnerable system. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-5815 to this issue. - Security fix in mod_tls. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0066 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5779 BugTraq ID: 20939 http://www.securityfocus.com/bid/20939 Bugtraq: 20061106 VulnDisco Pack for Metasploit (Google Search) http://www.securityfocus.com/archive/1/450728/100/0/threaded http://security.gentoo.org/glsa/glsa-200611-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:208 http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz http://gleg.net/vulndisco_meta.shtml http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.html http://securitytracker.com/id?1017166 http://secunia.com/advisories/22750 http://secunia.com/advisories/22953 http://secunia.com/advisories/22996 http://secunia.com/advisories/23125 http://secunia.com/advisories/23133 http://secunia.com/advisories/23152 http://secunia.com/advisories/23170 http://securityreason.com/securityalert/1831 SuSE Security Announcement: SUSE-SA:2006:072 (Google Search) http://www.novell.com/linux/security/advisories/2006_72_openldap2.html http://www.trustix.org/errata/2006/0066/ http://www.ubuntu.com/usn/usn-384-1 http://www.vupen.com/english/advisories/2006/4379 XForce ISS Database: openldap-bind-dos(30076) https://exchange.xforce.ibmcloud.com/vulnerabilities/30076 Common Vulnerability Exposure (CVE) ID: CVE-2006-5815 BugTraq ID: 20992 http://www.securityfocus.com/bid/20992 Bugtraq: 20061127 CVE-2006-5815: remote code execution in ProFTPD (Google Search) http://www.securityfocus.com/archive/1/452760/100/200/threaded Debian Security Information: DSA-1222 (Google Search) http://www.debian.org/security/2006/dsa-1222 http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:217 http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1 http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.035-proftpd.html http://securitytracker.com/id?1017167 http://secunia.com/advisories/22803 http://secunia.com/advisories/22821 http://secunia.com/advisories/23000 http://secunia.com/advisories/23069 http://secunia.com/advisories/23174 http://secunia.com/advisories/23179 http://secunia.com/advisories/23184 http://secunia.com/advisories/23207 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491 http://www.trustix.org/errata/2006/0070 http://www.vupen.com/english/advisories/2006/4451 XForce ISS Database: proftpd-code-execution(30147) https://exchange.xforce.ibmcloud.com/vulnerabilities/30147
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.