Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:140: proftpd Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the proftpd package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:140 (proftpd).
Two format string vulnerabilities were discovered in ProFTPD. The first exists
when displaying a shutdown message containin the name of the current directory.
This could be exploited by a user who creates a directory containing format
specifiers and sets the directory as the current directory when the shutdown
message is being sent.
The second exists when displaying response messages to the cleint using
information retreived from a database using mod_sql. Note that mod_sql support
is not enabled by default, but the contrib source file has been patched
The updated packages have been patched to correct these problems.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:140
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.