Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:041: proftpd Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the proftpd package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:041 (proftpd).
A portability workaround that was applied in version 1.2.9 of the ProFTPD FTP
server caused CIDR based ACL entries in 'Allow' and 'Deny' directives to act
like an 'AllowAll' directive. This granted FTP clients access to files and
directories that the server configuration may have been explicitly denying.
This problem only exists in version 1.2.9 and has been fixed upstream. A patch
has been applied to correct the problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:041
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.