FreeBSD : proftpd -- arbitrary code execution vulnerability with chroot (022a4c77-2da4-11e1-b356-00215c6a37bb)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The FreeBSD security advisory FreeBSD-SA-11:07.chroot reports :

If ftpd is configured to place a user in a chroot environment, then an
attacker who can log in as that user may be able to run arbitrary
code(...).

Proftpd shares the same problem of a similar nature.

See also :

http://seclists.org/fulldisclosure/2011/Nov/452
http://www.nessus.org/u?655d7e46

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 57402 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now