Fedora 12 : proftpd-1.3.3c-1.fc12 (2010-17220)

critical Nessus Plugin ID 50568

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

This is an update to the current upstream maintenance release, which addresses two security issues that can be exploited by malicious users to manipulate certain data and compromise a vulnerable system.

 - A logic error in the code for processing user input containing the Telnet IAC (Interpret As Command) escape sequence can be exploited to cause a stack-based buffer overflow by sending specially crafted input to the FTP or FTPS service. Successful exploitation may allow execution of arbitrary code. This has been assigned the name CVE-2010-4221. More details can be found at http://bugs.proftpd.org/show_bug.cgi?id=3521

 - An input validation error within the 'mod_site_misc' module can be exploited to e.g. create and delete directories, create symlinks, and change the time of files located outside a writable directory. Only configurations using 'mod_site_misc', which is not enabled by default, and where the attacker has write access to a directory, are vulnerable to this issue, which has been assigned CVE-2010-3867. More details can be found at http://bugs.proftpd.org/show_bug.cgi?id=3519

The update from 1.3.2d to 1.3.3c also includes a large number of non-security bugfixes and a number of additional loadable modules for enhanced functionality :

 - mod_geoip

 - mod_sftp

 - mod_sftp_pam

 - mod_sftp_sql

 - mod_shaper

 - mod_sql_passwd

 - mod_tls_shmcache

There is also a new utility 'ftpscrub' for scrubbing the scoreboard file.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected proftpd package.

See Also

http://bugs.proftpd.org/show_bug.cgi?id=3519

http://bugs.proftpd.org/show_bug.cgi?id=3521

https://bugzilla.redhat.com/show_bug.cgi?id=651602

https://bugzilla.redhat.com/show_bug.cgi?id=651607

http://www.nessus.org/u?3d1f02cf

Plugin Details

Severity: Critical

ID: 50568

File Name: fedora_2010-17220.nasl

Version: 1.15

Type: local

Agent: unix

Published: 11/12/2010

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:proftpd, cpe:/o:fedoraproject:fedora:12

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/3/2010

Exploitable With

Core Impact

Metasploit (ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux))

Reference Information

CVE: CVE-2010-3867, CVE-2010-4221

BID: 44562

FEDORA: 2010-17220