Mandrake Linux Security Advisory : proftpd (MDKSA-2002:005)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Matthew S. Hallacy discovered that ProFTPD was not forward resolving
reverse-resolved hostnames. A remote attacker could exploit this to
bypass ProFTPD access controls or have false information logged. Frank
Denis discovered that a remote attacker could send malicious commands
to the ProFTPD server and it would force the process to consume all
CPU and memory resources available to it. This DoS vulnerability could
bring the server down with repeated attacks. Finally, Mattias found a
segmentation fault problem that is considered by the developers to be
unexploitable.

See also :

http://www.nessus.org/u?22b43320
http://www.securityfocus.com/archive/1/169395
http://www.securityfocus.com/archive/1/246331

Solution :

Update the affected proftpd package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13913 (mandrake_MDKSA-2002-005.nasl)

Bugtraq ID: 3310

CVE ID: CVE-2001-1500
CVE-2001-1501

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now