FreeBSD : proftpd -- format string vulnerabilities (c28f4705-043f-11da-bc08-0001020eed82)

Medium Nessus Plugin ID 21507


The remote FreeBSD host is missing one or more security-related updates.


The ProFTPD release notes state:

sean <infamous42md at> found two format string vulnerabilities, one in mod_sql's SQLShowInfo directive, and one involving the 'ftpshut' utility. Both can be considered low risk, as they require active involvement on the part of the site administrator in order to be exploited.

These vulnerabilities could potentially lead to information disclosure, a denial-of-service situation, or execution of arbitrary code with the permissions of the user running ProFTPD.


Update the affected packages.

Plugin Details

Severity: Medium

ID: 21507

File Name: freebsd_pkg_c28f4705043f11dabc080001020eed82.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2006/05/13

Modified: 2013/08/09

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:proftpd, p-cpe:/a:freebsd:freebsd:proftpd-mysql, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2005/08/03

Vulnerability Publication Date: 2005/07/26

Reference Information

CVE: CVE-2005-2390