Mandriva Linux Security Advisory : proftpd (MDVSA-2011:181)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A vulnerability was discovered and fixed in proftpd :

Use-after-free vulnerability in the Response API in ProFTPD before
1.3.3g allows remote authenticated users to execute arbitrary code via
vectors involving an error that occurs after an FTP data transfer
(CVE-2011-4130).

The updated packages have been upgraded to the latest version 1.3.3g
which is not vulnerable to this issue.

See also :

http://www.proftpd.org/docs/NEWS-1.3.3g

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 57046

Bugtraq ID: 50631

CVE ID: CVE-2011-4130
