
Test ID: 1.3.6.1.4.1.25623.1.0.100316
Category: FTP
Title: ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
Description:
Summary:
ProFTPD is prone to a security-bypass vulnerability because the
application fails to properly validate the domain name in a signed CA
certificate, allowing attackers to substitute malicious SSL
certificates for trusted ones.

Vulnerability Impact:
Successful exploits allow attackers to perform man-in-the-middle attacks
or impersonate trusted servers, which will aid in further attacks.

Affected Software/OS:
Versions prior to ProFTPD 1.3.2b and 1.3.3 to 1.3.3.rc1 are vulnerable.

Solution:
Updates are available. Please see the references for details.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P

Cross-reference: BugTraq ID: 36804
Common Vulnerability Exposure (CVE) ID: CVE-2009-3639
http://www.securityfocus.com/bid/36804
Debian Security Information: DSA-1925
http://www.debian.org/security/2009/dsa-1925
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00642.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00649.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:288
http://marc.info/?l=oss-security&m=125632960508211&w=2
http://marc.info/?l=oss-security&m=125630966510672&w=2
http://secunia.com/advisories/37131
http://secunia.com/advisories/37219
XForce ISS Database: proftpd-modtls-security-bypass(53936)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53936
Copyright: Copyright (C) 2009 Greenbone Networks GmbH
