Family: FTP --> Category: infos
ProFTPD < 1.3.0rc2 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary :
Checks for multiple vulnerabilities in ProFTPD < 1.3.0rc2
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote FTP server is affected by multiple vulnerabilities.
Description :
The remote host is using ProFTPD, a free FTP server for Unix and
Linux.
According to its banner, the version of ProFTPD installed on the
remote host suffers from multiple format string vulnerabilities, one
involving the 'ftpshut' utility and the other in mod_sql's
'SQLShowInfo' directive. Exploitation of either requires involvement
on the part of a site administrator and can lead to information
disclosure, denial of service, and even a compromise of the affected
system.
See also :
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2
Solution :
Upgrade to ProFTPD version 1.3.0rc2 or later.
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:R/C:P/A:P/I:P/B:N)