Test ID:	1.3.6.1.4.1.25623.1.0.68328
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:227 (proftpd)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to proftpd announced via advisory MDVSA-2010:227. Multiple vulnerabilities were discovered and corrected in proftpd: Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command (CVE-2010-3867). Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server (CVE-2010-4221). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:227 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3867 42047 http://secunia.com/advisories/42047 42052 http://secunia.com/advisories/42052 42217 http://secunia.com/advisories/42217 44562 http://www.securityfocus.com/bid/44562 ADV-2010-2853 http://www.vupen.com/english/advisories/2010/2853 ADV-2010-2941 http://www.vupen.com/english/advisories/2010/2941 ADV-2010-2959 http://www.vupen.com/english/advisories/2010/2959 ADV-2010-2962 http://www.vupen.com/english/advisories/2010/2962 DSA-2191 http://www.debian.org/security/2011/dsa-2191 FEDORA-2010-17091 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050687.html FEDORA-2010-17098 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050703.html FEDORA-2010-17220 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050726.html MDVSA-2010:227 http://www.mandriva.com/security/advisories?name=MDVSA-2010:227 SSA:2010-305-03 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.498209 [oss-security] 20101101 Re: Proftpd pre-authentication buffer overflow in Telnet code http://www.openwall.com/lists/oss-security/2010/11/01/4 http://bugs.proftpd.org/show_bug.cgi?id=3519 http://www.proftpd.org/docs/NEWS-1.3.3c Common Vulnerability Exposure (CVE) ID: CVE-2010-4221 BugTraq ID: 44562 http://www.zerodayinitiative.com/advisories/ZDI-10-229/
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.