Oracle Solaris Third-Party Patch Update : proftpd (cve_2011_4130_use_after)
High Nessus Plugin ID 80742
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer. (CVE-2011-4130)
SolutionUpgrade to Solaris 11/11 SRU 03.