Test ID:	1.3.6.1.4.1.25623.1.1.1.1.2013.2606
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2606)
Summary:	The remote host is missing an update for the Debian 'proftpd-dfsg' package(s) announced via the DSA-2606 advisory.;;This VT has been deprecated as a duplicate of the VT 'Debian: Security Advisory (DSA-2606)' (OID: 1.3.6.1.4.1.25623.1.0.702606).
Description:	Summary: The remote host is missing an update for the Debian 'proftpd-dfsg' package(s) announced via the DSA-2606 advisory. This VT has been deprecated as a duplicate of the VT 'Debian: Security Advisory (DSA-2606)' (OID: 1.3.6.1.4.1.25623.1.0.702606). Vulnerability Insight: It has been discovered that in ProFTPd, an FTP server, an attacker on the same physical host as the server may be able to perform a symlink attack allowing to elevate privileges in some configurations. For the stable distribution (squeeze), this problem has been fixed in version 1.3.3a-6squeeze6. For the testing distribution (wheezy), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 1.3.4a-3. We recommend that you upgrade your proftpd-dfsg packages. Affected Software/OS: 'proftpd-dfsg' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 1.2 CVSS Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6095 51823 http://secunia.com/advisories/51823 DSA-2606 http://www.debian.org/security/2013/dsa-2606 [oss-security] 20130107 Re: CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory http://www.openwall.com/lists/oss-security/2013/01/07/3 http://bugs.proftpd.org/show_bug.cgi?id=3841 http://proftpd.org/docs/NEWS-1.3.5rc1
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.