Description: The remote host is missing an update to proftpd announced via advisory FEDORA-2011-0610.
Update Information:
This is an update to the current upstream maintenance release, which addresses a security issue that could affect users of the mod_sql module (not enabled by default).
* A heap-based buffer overflow flaw was found in the way the ProFTPD FTP server prepared SQL queries for certain usernames when the mod_sql module was enabled. A remote, unauthenticated attacker could use this flaw to cause the proftpd daemon to crash or, potentially, to execute arbitrary code with the privileges of the user running 'proftpd' via a specially crafted username provided in the authentication dialog.
The update also fixes a CPU spike when handling .ftpaccess files, and handling of SFTP uploads when compression is used.
References:
[ 1 ] Bug #670170 - CVE-2010-4652 ProFTPD (mod_sql): Heap-based buffer overflow by processing certain usernames, when mod_sql module enabled https://bugzilla.redhat.com/show_bug.cgi?id=670170
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update proftpd' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2011-0610
Risk factor: Critical
CVSS Score: 10.0