Test ID:	1.3.6.1.4.1.25623.1.0.69493
Category:	Fedora Local Security Checks
Title:	Fedora Core 15 FEDORA-2011-5098 (proftpd)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to proftpd announced via advisory FEDORA-2011-5098. Update Information: The second release candidate for proftpd 1.3.4. This includes fixes for a number of security issues: * Plaintext command injection vulnerability in FTPS implementation * Badly formed SSH messages cause DoS * Limit recursion depth for untrusted regular expressions (#673040) The update also contains a large number of bug fixes over release candidate 1, plus new support for SSL session caching using memcached. References: [ 1 ] Bug #681718 - CVE-2011-1137 proftpd: integer overflow in mod_sftp https://bugzilla.redhat.com/show_bug.cgi?id=681718 [ 2 ] Bug #645859 - CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine https://bugzilla.redhat.com/show_bug.cgi?id=645859 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update proftpd' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2011-5098 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1137 BugTraq ID: 46183 http://www.securityfocus.com/bid/46183 Debian Security Information: DSA-2185 (Google Search) http://www.debian.org/security/2011/dsa-2185 http://www.exploit-db.com/exploits/16129/ http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058356.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058344.html http://secunia.com/advisories/43234 http://secunia.com/advisories/43635 http://secunia.com/advisories/43978 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.485806 http://www.vupen.com/english/advisories/2011/0617 http://www.vupen.com/english/advisories/2011/0857 Common Vulnerability Exposure (CVE) ID: CVE-2010-4051 BugTraq ID: 45233 http://www.securityfocus.com/bid/45233 Bugtraq: 20110107 GNU libc/regcomp(3) Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/515589/100/0/threaded CERT/CC vulnerability note: VU#912279 http://www.kb.cert.org/vuls/id/912279 http://www.exploit-db.com/exploits/15935 http://seclists.org/fulldisclosure/2011/Jan/78 http://cxib.net/stuff/proftpd.gnu.c https://bugzilla.redhat.com/show_bug.cgi?id=645859 https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E http://securitytracker.com/id?1024832 http://secunia.com/advisories/42547 http://securityreason.com/securityalert/8003 http://securityreason.com/achievement_securityalert/93 Common Vulnerability Exposure (CVE) ID: CVE-2010-4052
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.