FreeBSD : proftpd -- format string vulnerabilities (c28f4705-043f-11da-bc08-0001020eed82)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The ProFTPD release notes state :

sean <infamous42md at hotpop.com> found two format string
vulnerabilities, one in mod_sql's SQLShowInfo directive, and one
involving the 'ftpshut' utility. Both can be considered low risk, as
they require active involvement on the part of the site administrator
in order to be exploited.

These vulnerabilities could potentially lead to information
disclosure, a denial-of-service situation, or execution of arbitrary
code with the permissions of the user running ProFTPD.

See also :

http://www.gentoo.org/security/en/glsa/glsa-200508-02.xml
http://www.nessus.org/u?88343689
http://www.nessus.org/u?13cbe76f

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21507 (freebsd_pkg_c28f4705043f11dabc080001020eed82.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2390
