FreeBSD : proftpd -- format string vulnerabilities (c28f4705-043f-11da-bc08-0001020eed82)

medium Nessus Plugin ID 21507

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The ProFTPD release notes state:

sean <infamous42md at hotpop.com> found two format string vulnerabilities, one in mod_sql's SQLShowInfo directive, and one involving the 'ftpshut' utility. Both can be considered low risk, as they require active involvement on the part of the site administrator in order to be exploited.

These vulnerabilities could potentially lead to information disclosure, a denial-of-service situation, or execution of arbitrary code with the permissions of the user running ProFTPD.

Solution

Update the affected packages.

See Also

https://security.gentoo.org/glsa/200508-02

http://www.nessus.org/u?88343689

http://www.nessus.org/u?ad73d2f2

Plugin Details

Severity: Medium

ID: 21507

File Name: freebsd_pkg_c28f4705043f11dabc080001020eed82.nasl

Version: 1.15

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:proftpd, p-cpe:/a:freebsd:freebsd:proftpd-mysql, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/3/2005

Vulnerability Publication Date: 7/26/2005

Reference Information

CVE: CVE-2005-2390