 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.68328 |
| Categoría: | Mandrake Local Security Checks |
| Título: | Mandriva Security Advisory MDVSA-2010:227 (proftpd) |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing an update to proftpd announced via advisory MDVSA-2010:227. Multiple vulnerabilities were discovered and corrected in proftpd: Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command (CVE-2010-3867). Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server (CVE-2010-4221). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:227 Risk factor : Critical CVSS Score: 10.0 |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-3867 42047 http://secunia.com/advisories/42047 42052 http://secunia.com/advisories/42052 42217 http://secunia.com/advisories/42217 44562 http://www.securityfocus.com/bid/44562 ADV-2010-2853 http://www.vupen.com/english/advisories/2010/2853 ADV-2010-2941 http://www.vupen.com/english/advisories/2010/2941 ADV-2010-2959 http://www.vupen.com/english/advisories/2010/2959 ADV-2010-2962 http://www.vupen.com/english/advisories/2010/2962 DSA-2191 http://www.debian.org/security/2011/dsa-2191 FEDORA-2010-17091 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050687.html FEDORA-2010-17098 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050703.html FEDORA-2010-17220 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050726.html MDVSA-2010:227 http://www.mandriva.com/security/advisories?name=MDVSA-2010:227 SSA:2010-305-03 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.498209 [oss-security] 20101101 Re: Proftpd pre-authentication buffer overflow in Telnet code http://www.openwall.com/lists/oss-security/2010/11/01/4 http://bugs.proftpd.org/show_bug.cgi?id=3519 http://www.proftpd.org/docs/NEWS-1.3.3c Common Vulnerability Exposure (CVE) ID: CVE-2010-4221 BugTraq ID: 44562 http://www.zerodayinitiative.com/advisories/ZDI-10-229/ |
| Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |