Test ID: | 1.3.6.1.4.1.25623.1.0.61299 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2008:0579 |
Summary: | NOSUMMARY |
Description: | The remote host is missing updates announced in advisory RHSA-2008:0579. vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP server for Linux and Unix-like systems. The version of vsftpd as shipped in Red Hat Enterprise Linux 3, when used in combination with Pluggable Authentication Modules (PAM), had a memory leak on an invalid authentication attempt. Since vsftpd prior to version 2.0.5 allows any number of invalid attempts on the same connection, this memory leak could lead to an eventual DoS. (CVE-2008-2375) This update mitigates this security issue by including a backported patch which terminates a session after a given number of failed login attempts. The default number of attempts is 3 and this can be configured using the max_login_fails directive. All vsftpd users should upgrade to this updated package, which addresses this vulnerability. |
Solution: | Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date |
Advisory URLs: | http://rhn.redhat.com/errata/RHSA-2008-0579.html http://www.redhat.com/security/updates/classification/#moderate |
Risk factor: | High |
CVSS Score: | 7.1 |
Cross-Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-2375
BugTraq ID: 30364
http://www.securityfocus.com/bid/30364
Bugtraq: 20080708 rPSA-2008-0217-1 vsftpd
http://www.securityfocus.com/archive/1/494081/100/0/threaded
http://www.openwall.com/lists/oss-security/2008/06/30/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10138
http://www.redhat.com/support/errata/RHSA-2008-0579.html
http://www.redhat.com/support/errata/RHSA-2008-0680.html
http://www.securitytracker.com/id?1020546
http://secunia.com/advisories/31007
http://secunia.com/advisories/31223
http://secunia.com/advisories/32263
http://www.vupen.com/english/advisories/2008/2820 |
Copyright | Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com |