Debian DSA-2346-2 : proftpd-dfsg - several vulnerabilities
High Nessus Plugin ID 56850
The remote Debian host is missing a security-related update.
Several vulnerabilities were discovered in ProFTPD, an FTP server:

- (No CVE id) ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS, an issue similar to CVE-2011-0411.

- CVE-2011-4130 ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution. (The version in lenny is not affected by this problem.)
Upgrade the proftpd-dfsg packages.

For the oldstable distribution (lenny), this problem has been fixed in version 1.3.1-17lenny9.

For the stable distribution (squeeze), this problem has been fixed in version 1.3.3a-6squeeze4.