Test ID:	1.3.6.1.4.1.25623.1.0.892123
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-2123-1)
Summary:	The remote host is missing an update for the Debian 'pure-ftpd' package(s) announced via the DLA-2123-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'pure-ftpd' package(s) announced via the DLA-2123-1 advisory. Vulnerability Insight: An uninitialized pointer vulnerability was discovered in pure-ftpd, a secure and efficient FTP server, which could result in an out-of-bounds memory read and potential information disclosure. For Debian 8 Jessie, this problem has been fixed in version 1.0.36-3.2+deb8u1. We recommend that you upgrade your pure-ftpd packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'pure-ftpd' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-9274 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/ https://security.gentoo.org/glsa/202003-54 https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa https://www.pureftpd.org/project/pure-ftpd/news/ https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html https://usn.ubuntu.com/4515-1/
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.