Mandrake Linux Security Advisory : proftpd (MDKSA-2001:021)

high Nessus Plugin ID 61895

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

The ProFTPD FTP server has problems with memory leaking that could be used in a DoS attack, as reported by Wojciech Purczynski. A memory leak will happen every time a SIZE command was given provided that the scoreboard file is not writable, which is not the case in a default Linux-Mandrake installation. A similar problem also existed with the USER command where every time it was given the server would use more memory. Additionally, some format string vulnerabilities were reported by Przemyslaw Frasunek which have also been fixed.

Solution

Update the affected proftpd package.

Plugin Details

Severity: High

ID: 61895

File Name: mandrake_MDKSA-2001-021.nasl

Version: 1.7

Type: local

Published: 9/6/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:proftpd, cpe:/o:mandrakesoft:mandrake_linux:7.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/8/2001

Reference Information

CVE: CVE-2001-0136, CVE-2001-0318

MDKSA: 2001:021