Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0128)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.10.2020.0128

Category: Mageia Linux Local Security Checks

Title: Mageia: Security Advisory (MGASA-2020-0128)

Summary: The remote host is missing an update for the 'pure-ftpd' package(s) announced via the MGASA-2020-0128 advisory.

Description: Summary:
The remote host is missing an update for the 'pure-ftpd' package(s) announced via the MGASA-2020-0128 advisory.

Vulnerability Insight:
Updated pure-ftpd packages fix security vulnerabilities:

An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer
vulnerability has been detected in the diraliases linked list. When the
*lookup_alias(const char alias) or print_aliases(void) function is called,
they fail to correctly detect the end of the linked list and try to access
a non-existent list member. This is related to init_aliases in diraliases.c.
(CVE-2019-9274).

An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has
been detected in the pure_strcmp function in utils.c (CVE-2019-9365).

In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir
function in ls.c (CVE-2019-20176).

Affected Software/OS:
'pure-ftpd' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-20176
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/
https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
Common Vulnerability Exposure (CVE) ID: CVE-2019-9274
https://source.android.com/security/bulletin/pixel/2019-09-01
Common Vulnerability Exposure (CVE) ID: CVE-2019-9365
https://source.android.com/security/bulletin/android-10

Copyright Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.10.2020.0128
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2020-0128)
Summary:	The remote host is missing an update for the 'pure-ftpd' package(s) announced via the MGASA-2020-0128 advisory.
Description:	Summary: The remote host is missing an update for the 'pure-ftpd' package(s) announced via the MGASA-2020-0128 advisory. Vulnerability Insight: Updated pure-ftpd packages fix security vulnerabilities: An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. (CVE-2019-9274). An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c (CVE-2019-9365). In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c (CVE-2019-20176). Affected Software/OS: 'pure-ftpd' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-20176 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/ https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706 Common Vulnerability Exposure (CVE) ID: CVE-2019-9274 https://source.android.com/security/bulletin/pixel/2019-09-01 Common Vulnerability Exposure (CVE) ID: CVE-2019-9365 https://source.android.com/security/bulletin/android-10
Copyright	Copyright (C) 2022 Greenbone AG