This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
The Auth API in ProFTPD, when multiple simultaneous authentication
modules are configured, did not require that the module that checks
authentication is the same module that retrieves authentication data,
which could possibly be used to allow remote attackers to bypass
The updated packages have been patched to prevent this issue. As well,
this update provides proper PAM configuration files for ProFTPD on
Corporate Server 4 that had prevented any mod_auth_pam-based
connections from succeeding authentication.
As well, ProFTPD 1.3.0 is being provided for Corporate 3 and Corporate
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.1