Detections
Analytics

openSUSE Security Update : proftpd (openSUSE-SU-2013:1563-1)

medium Nessus Plugin ID 75173

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

proftpd was updated to 1.3.4d.

 - Fixed broken build when using --disable-ipv6 configure option

 - Fixed mod_sql 'SQLAuthType Backend' MySQL issues

 - fix for bnc#843444 (CVE-2013-4359)

 - http://bugs.proftpd.org/show_bug.cgi?id=3973

 - add proftpd-sftp-kbdint-max-responses-bug3973.patch

 - Improve systemd service file

- use upstream tmpfiles.d file. related to [bnc#811793]

 - Use /run instead of /var/run

- update to 1.3.4c

 - Added Spanish translation.

 - Fixed several mod_sftp issues, including SFTPPassPhraseProvider, handling of symlinks for REALPATH requests, and response code logging.

 - Fixed symlink race for creating directories when UserOwner is in effect.

 - Increased performance of FTP directory listings.

 - rebase and rename patches (remove version string)

 - proftpd-1.3.4a-dist.patch -> proftpd-dist.patch

 - proftpd-1.3.4a-ftpasswd.patch -> proftpd-ftpasswd.patch

 - proftpd-1.3.4a-strip.patch -> proftpd-strip.patch

 - fix proftpd.conf (rebase basic.conf patch)

 - IdentLookups is now a separate module <IfModule mod_ident.c> IdentLookups on/off </IfModule> is needed and module is not built cause crrodriguez disabled it.

 - fix for bnc#787884 (https://bugzilla.novell.com/show_bug.cgi?id=787884)

 - added extra Source proftpd.conf.tmpfile

 - Disable ident lookups, this protocol is totally obsolete and dangerous. (add --disable-ident)

 - Fix debug info generation ( add --disable-strip)

- Add systemd unit

- update to 1.3.4b

 + Fixed mod_ldap segfault on login when LDAPUsers with no filters used.

 + Fixed sporadic SFTP upload issues for large files.

 + Fixed SSH2 handling for some clients (e.g. OpenVMS).

 + New FactsOptions directive; see doc/modules/mod_facts.html#FactsOptions

 + Fixed build errors on Tru64, AIX, Cygwin.

 - add Source Signatuire (.asc) file

 - add noBuildDate patch

 - add lang pkg

 - --enable-nls

 - add configure option

 - --enable-openssl, --with-lastlog

Solution

Update the affected proftpd packages.

See Also

http://bugs.proftpd.org/show_bug.cgi?id=3973

https://bugzilla.novell.com/show_bug.cgi?id=787884

https://bugzilla.novell.com/show_bug.cgi?id=811793

https://bugzilla.novell.com/show_bug.cgi?id=843444

https://lists.opensuse.org/opensuse-updates/2013-10/msg00032.html

Plugin Details

Severity: Medium

ID: 75173

File Name: openSUSE-2013-778.nasl

Version: 1.6

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:proftpd-ldap-debuginfo, p-cpe:/a:novell:opensuse:proftpd-sqlite-debuginfo, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:12.2, p-cpe:/a:novell:opensuse:proftpd-mysql-debuginfo, p-cpe:/a:novell:opensuse:proftpd-mysql, p-cpe:/a:novell:opensuse:proftpd-lang, p-cpe:/a:novell:opensuse:proftpd-sqlite, p-cpe:/a:novell:opensuse:proftpd-debuginfo, p-cpe:/a:novell:opensuse:proftpd, p-cpe:/a:novell:opensuse:proftpd-debugsource, p-cpe:/a:novell:opensuse:proftpd-pgsql, p-cpe:/a:novell:opensuse:proftpd-devel, p-cpe:/a:novell:opensuse:proftpd-radius, p-cpe:/a:novell:opensuse:proftpd-ldap, p-cpe:/a:novell:opensuse:proftpd-radius-debuginfo, p-cpe:/a:novell:opensuse:proftpd-pgsql-debuginfo

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 10/14/2013

Reference Information

CVE: CVE-2013-4359

BID: 62328