Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2008-0295)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.122581

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2008-0295)

Resumen: The remote host is missing an update for the 'vsftpd' package(s) announced via the ELSA-2008-0295 advisory.

Descripción: Summary:
The remote host is missing an update for the 'vsftpd' package(s) announced via the ELSA-2008-0295 advisory.

Vulnerability Insight:
[2.0.5-12]
- fix CVE-2007-5962: vsftpd memory leak when deny_file option is set
- Resolves: #423001

[2.0.5-11]
- add new option to log login failures based on user list
- Resolves: #345791
- fix user_config_dir option
- Resolves: #400921
- allow usernames starting with '_' or '.'
- Resolves: #386561
- fix the write/race condition when uploading files simultaneously
- Resolves: #240553
- fix the bug that causes every new file stored with STOU to have a prefix '.1'
- Resolves: #392231
- make vsftpd wildcard matching more greedy
- Resolves: #392181

Affected Software/OS:
'vsftpd' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-5962
1020079
http://securitytracker.com/id?1020079
20080606 rPSA-2008-0185-1 vsftpd
http://www.securityfocus.com/archive/1/493167/100/0/threaded
29322
http://www.securityfocus.com/bid/29322
30341
http://secunia.com/advisories/30341
30354
http://secunia.com/advisories/30354
5814
https://www.exploit-db.com/exploits/5814
ADV-2008-1600
http://www.vupen.com/english/advisories/2008/1600
FEDORA-2008-4347
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00681.html
FEDORA-2008-4362
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00691.html
FEDORA-2008-4373
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00699.html
RHSA-2008:0295
http://www.redhat.com/support/errata/RHSA-2008-0295.html
[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)
http://www.openwall.com/lists/oss-security/2008/05/21/10
http://www.openwall.com/lists/oss-security/2008/05/21/12
[oss-security] 20080521 vsftpd CVE-2007-5962 (Red Hat / Fedora specific)
http://www.openwall.com/lists/oss-security/2008/05/21/8
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185
https://bugzilla.redhat.com/show_bug.cgi?id=397011
oval:org.mitre.oval:def:8850
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8850
vsftpd-denyfile-dos(42593)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42593

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.122581
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2008-0295)
Resumen:	The remote host is missing an update for the 'vsftpd' package(s) announced via the ELSA-2008-0295 advisory.
Descripción:	Summary: The remote host is missing an update for the 'vsftpd' package(s) announced via the ELSA-2008-0295 advisory. Vulnerability Insight: [2.0.5-12] - fix CVE-2007-5962: vsftpd memory leak when deny_file option is set - Resolves: #423001 [2.0.5-11] - add new option to log login failures based on user list - Resolves: #345791 - fix user_config_dir option - Resolves: #400921 - allow usernames starting with '_' or '.' - Resolves: #386561 - fix the write/race condition when uploading files simultaneously - Resolves: #240553 - fix the bug that causes every new file stored with STOU to have a prefix '.1' - Resolves: #392231 - make vsftpd wildcard matching more greedy - Resolves: #392181 Affected Software/OS: 'vsftpd' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5962 1020079 http://securitytracker.com/id?1020079 20080606 rPSA-2008-0185-1 vsftpd http://www.securityfocus.com/archive/1/493167/100/0/threaded 29322 http://www.securityfocus.com/bid/29322 30341 http://secunia.com/advisories/30341 30354 http://secunia.com/advisories/30354 5814 https://www.exploit-db.com/exploits/5814 ADV-2008-1600 http://www.vupen.com/english/advisories/2008/1600 FEDORA-2008-4347 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00681.html FEDORA-2008-4362 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00691.html FEDORA-2008-4373 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00699.html RHSA-2008:0295 http://www.redhat.com/support/errata/RHSA-2008-0295.html [oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) http://www.openwall.com/lists/oss-security/2008/05/21/10 http://www.openwall.com/lists/oss-security/2008/05/21/12 [oss-security] 20080521 vsftpd CVE-2007-5962 (Red Hat / Fedora specific) http://www.openwall.com/lists/oss-security/2008/05/21/8 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185 https://bugzilla.redhat.com/show_bug.cgi?id=397011 oval:org.mitre.oval:def:8850 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8850 vsftpd-denyfile-dos(42593) https://exchange.xforce.ibmcloud.com/vulnerabilities/42593
Copyright	Copyright (C) 2015 Greenbone AG