Detections
Analytics
Debian DSA-2191-1 : proftpd-dfsg - several vulnerabilities
high Nessus Plugin ID 52660
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Several vulnerabilities have been discovered in ProFTPD, a versatile, virtual-hosting FTP daemon :- CVE-2008-7265 Incorrect handling of the ABOR command could lead to denial of service through elevated CPU consumption.
- CVE-2010-3867 Several directory traversal vulnerabilities have been discovered in the mod_site_misc module.
- CVE-2010-4562 A SQL injection vulnerability was discovered in the mod_sql module.
Solution
Upgrade the proftpd-dfsg packages.For the oldstable distribution (lenny), this problem has been fixed in version 1.3.1-17lenny6.
The stable distribution (squeeze) and the unstable distribution (sid) are not affected, these vulnerabilities have been fixed prior to the release of Debian 6.0 (squeeze).
See Also
https://security-tracker.debian.org/tracker/CVE-2008-7265
https://security-tracker.debian.org/tracker/CVE-2010-3867
Plugin Details
Severity: High
ID: 52660
File Name: debian_DSA-2191.nasl
Version: 1.12
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 3/15/2011
Updated: 1/4/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.1
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:proftpd-dfsg, cpe:/o:debian:debian_linux:5.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 3/14/2011
Exploitable With
Metasploit (ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux))
Reference Information
CVE: CVE-2008-7265, CVE-2010-3867, CVE-2010-4652
DSA: 2191