Detections
Analytics
Debian DLA-2338-2 : proftpd-dfsg regression update
high Nessus Plugin ID 139758
Language:
Synopsis
The remote Debian host is missing a security update.Description
The update of proftpd-dfsg released as DLA-2338-1 incorrectly destroyed the memory pool in function sftp_kex_handle in contrib/mod_sftp/kex.c which may cause a segmentation fault and thus prevent sftp connections.For Debian 9 stretch, this problem has been fixed in version 1.3.5e+r1.3.5b-4+deb9u2.
We recommend that you upgrade your proftpd-dfsg packages.
For the detailed security status of proftpd-dfsg please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/proftpd-dfsg
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Upgrade the affected packages.See Also
https://lists.debian.org/debian-lts-announce/2020/08/msg00042.html
Plugin Details
Severity: High
ID: 139758
File Name: debian_DLA-2338.nasl
Version: 1.2
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 8/24/2020
Updated: 8/26/2020
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:proftpd-mod-odbc, p-cpe:/a:debian:debian_linux:proftpd-mod-ldap, p-cpe:/a:debian:debian_linux:proftpd-dev, p-cpe:/a:debian:debian_linux:proftpd-mod-geoip, cpe:/o:debian:debian_linux:9.0, p-cpe:/a:debian:debian_linux:proftpd-mod-sqlite, p-cpe:/a:debian:debian_linux:proftpd-doc, p-cpe:/a:debian:debian_linux:proftpd-mod-mysql, p-cpe:/a:debian:debian_linux:proftpd-mod-pgsql, p-cpe:/a:debian:debian_linux:proftpd-basic
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Patch Publication Date: 8/25/2020
Vulnerability Publication Date: 8/25/2020