FreeBSD : proftpd -- format string vulnerabilities (c28f4705-043f-11da-bc08-0001020eed82)
Medium Nessus Plugin ID 21507
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionThe ProFTPD release notes states :
sean <infamous42md at hotpop.com> found two format string vulnerabilities, one in mod_sql's SQLShowInfo directive, and one involving the 'ftpshut' utility. Both can be considered low risk, as they require active involvement on the part of the site administrator in order to be exploited.
These vulnerabilities could potentially lead to information disclosure, a denial-of-server situation, or execution of arbitrary code with the permissions of the user running ProFTPD.
SolutionUpdate the affected packages.