Debian Local Security Checks : Debian LTS: Security Advisory for proftpd-dfsg (DLA-2115-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.892115

Categoría: Debian Local Security Checks

Título: Debian LTS: Security Advisory for proftpd-dfsg (DLA-2115-1)

Resumen: The remote host is missing an update for the 'proftpd-dfsg'; package(s) announced via the DLA-2115-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'proftpd-dfsg'
package(s) announced via the DLA-2115-1 advisory.

Vulnerability Insight:
It was discovered that there was a use-after-free vulnerability
in the proftpd-dfsg FTP server.

Exploitation of this vulnerability within the memory pool handling
could have allowed a remote attacker to execute arbitrary code on the
affected system.

Affected Software/OS:
'proftpd-dfsg' package(s) on Debian Linux.

Solution:
For Debian 8 'Jessie', this issue has been fixed in proftpd-dfsg version
1.3.5e+r1.3.5-2+deb8u6.

We recommend that you upgrade your proftpd-dfsg packages.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-9273
Debian Security Information: DSA-4635 (Google Search)
https://www.debian.org/security/2020/dsa-4635
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/
https://security.gentoo.org/glsa/202003-35
https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html
http://www.openwall.com/lists/oss-security/2021/08/25/1
http://www.openwall.com/lists/oss-security/2021/09/06/2
SuSE Security Announcement: openSUSE-SU-2020:0273 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.892115
Categoría:	Debian Local Security Checks
Título:	Debian LTS: Security Advisory for proftpd-dfsg (DLA-2115-1)
Resumen:	The remote host is missing an update for the 'proftpd-dfsg'; package(s) announced via the DLA-2115-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'proftpd-dfsg' package(s) announced via the DLA-2115-1 advisory. Vulnerability Insight: It was discovered that there was a use-after-free vulnerability in the proftpd-dfsg FTP server. Exploitation of this vulnerability within the memory pool handling could have allowed a remote attacker to execute arbitrary code on the affected system. Affected Software/OS: 'proftpd-dfsg' package(s) on Debian Linux. Solution: For Debian 8 'Jessie', this issue has been fixed in proftpd-dfsg version 1.3.5e+r1.3.5-2+deb8u6. We recommend that you upgrade your proftpd-dfsg packages. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-9273 Debian Security Information: DSA-4635 (Google Search) https://www.debian.org/security/2020/dsa-4635 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/ https://security.gentoo.org/glsa/202003-35 https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html http://www.openwall.com/lists/oss-security/2021/08/25/1 http://www.openwall.com/lists/oss-security/2021/09/06/2 SuSE Security Announcement: openSUSE-SU-2020:0273 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH