Turbolinux Local Security Tests : Turbolinux TLSA-2003-54 (proftpd)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52961

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2003-54 (proftpd)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to proftpd
announced via advisory TLSA-2003-54.

ProFTPD grew out of the desire to have a secure and configurable FTP server,
and out of a significant admiration of the Apache web server.
There are currently a very limited number of FTP servers running on Unix (or Unix-like) hosts.
A vulnerability exists in the ProFTPD server that can be triggered by
remote attackers when transferring files from the FTP server in ASCII mode.
The attacker must have the ability to upload a file to the server,
and then attempt to download the same file to trigger the vulnerability.

This vulnerability may allow a remote attacker to execute arbitrary code.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2003-54

Risk factor : Critical

CVSS Score:
9.0

Referencia Cruzada: BugTraq ID: 8679
Common Vulnerability Exposure (CVE) ID: CVE-2003-0831
Bugtraq: 20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02) (Google Search)
http://marc.info/?l=bugtraq&m=106441655617816&w=2
Bugtraq: 20031013 Remote root exploit for proftpd \n bug (Google Search)
http://marc.info/?l=bugtraq&m=106606885611269&w=2
CERT/CC vulnerability note: VU#405348
http://www.kb.cert.org/vuls/id/405348
https://www.exploit-db.com/exploits/107/
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html
ISS Security Advisory: 20030923 ProFTPD ASCII File Remote Compromise Vulnerability
http://xforce.iss.net/xforce/alerts/id/154
http://www.mandriva.com/security/advisories?name=MDKSA-2003:095
http://secunia.com/advisories/9829
XForce ISS Database: proftpd-ascii-xfer-newline-bo(12200)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12200

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52961
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2003-54 (proftpd)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to proftpd announced via advisory TLSA-2003-54. ProFTPD grew out of the desire to have a secure and configurable FTP server, and out of a significant admiration of the Apache web server. There are currently a very limited number of FTP servers running on Unix (or Unix-like) hosts. A vulnerability exists in the ProFTPD server that can be triggered by remote attackers when transferring files from the FTP server in ASCII mode. The attacker must have the ability to upload a file to the server, and then attempt to download the same file to trigger the vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2003-54 Risk factor : Critical CVSS Score: 9.0
Referencia Cruzada:	BugTraq ID: 8679 Common Vulnerability Exposure (CVE) ID: CVE-2003-0831 Bugtraq: 20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02) (Google Search) http://marc.info/?l=bugtraq&m=106441655617816&w=2 Bugtraq: 20031013 Remote root exploit for proftpd \n bug (Google Search) http://marc.info/?l=bugtraq&m=106606885611269&w=2 CERT/CC vulnerability note: VU#405348 http://www.kb.cert.org/vuls/id/405348 https://www.exploit-db.com/exploits/107/ http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html ISS Security Advisory: 20030923 ProFTPD ASCII File Remote Compromise Vulnerability http://xforce.iss.net/xforce/alerts/id/154 http://www.mandriva.com/security/advisories?name=MDKSA-2003:095 http://secunia.com/advisories/9829 XForce ISS Database: proftpd-ascii-xfer-newline-bo(12200) https://exchange.xforce.ibmcloud.com/vulnerabilities/12200
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com