Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2005-140.NASL
HistoryOct 05, 2005 - 12:00 a.m.

Mandrake Linux Security Advisory : proftpd (MDKSA-2005:140)

2005-10-0500:00:00
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.
www.tenable.com
14
JSON

Two format string vulnerabilities were discovered in ProFTPD. The first exists when displaying a shutdown message containin the name of the current directory. This could be exploited by a user who creates a directory containing format specifiers and sets the directory as the current directory when the shutdown message is being sent.

The second exists when displaying response messages to the cleint using information retreived from a database using mod_sql. Note that mod_sql support is not enabled by default, but the contrib source file has been patched regardless.

The updated packages have been patched to correct these problems.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2005:140. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(19897);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-2390");
  script_xref(name:"MDKSA", value:"2005:140");

  script_name(english:"Mandrake Linux Security Advisory : proftpd (MDKSA-2005:140)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Two format string vulnerabilities were discovered in ProFTPD. The
first exists when displaying a shutdown message containin the name of
the current directory. This could be exploited by a user who creates a
directory containing format specifiers and sets the directory as the
current directory when the shutdown message is being sent.

The second exists when displaying response messages to the cleint
using information retreived from a database using mod_sql. Note that
mod_sql support is not enabled by default, but the contrib source file
has been patched regardless.

The updated packages have been patched to correct these problems."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://secuniaresearch.flexerasoftware.com/advisories/16181"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected proftpd and / or proftpd-anonymous packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-anonymous");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.0", reference:"proftpd-1.2.9-3.3.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"proftpd-anonymous-1.2.9-3.3.100mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.1", reference:"proftpd-1.2.10-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"proftpd-anonymous-1.2.10-2.1.101mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.2", reference:"proftpd-1.2.10-9.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"proftpd-anonymous-1.2.10-9.1.102mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxproftpdp-cpe:/a:mandriva:linux:proftpd
mandrivalinuxproftpd-anonymousp-cpe:/a:mandriva:linux:proftpd-anonymous
mandrakesoftmandrake_linux10.0cpe:/o:mandrakesoft:mandrake_linux:10.0
mandrakesoftmandrake_linux10.1cpe:/o:mandrakesoft:mandrake_linux:10.1
mandrakesoftmandrake_linuxle2005x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Related

nessus 4
openvas 6
gentoo 1
debian 4
ubuntucve 1
cve 1
freebsd 1
nessus
nessus
FreeBSD : proftpd -- format string vulnerabilities (c28f4705-043f-11da-bc08-0001020eed82)
2006-05-13 00:00:00
Debian DSA-795-2 : proftpd - potential code execution
2005-09-06 00:00:00
ProFTPD < 1.3.0rc2 Multiple Remote Format Strings
2005-07-27 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200508-02 (proftpd)
2008-09-24 00:00:00
Debian Security Advisory DSA 795-2 (proftpd)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200508-02 (proftpd)
2008-09-24 00:00:00
gentoo
gentoo
ProFTPD: Format string vulnerabilities
2005-08-01 00:00:00
debian
debian
[SECURITY] [DSA 795-1] New proftpd packages fix format string vulnerability
2005-09-02 01:50:47
[SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability
2005-09-03 01:28:34
[SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability
2005-09-03 01:28:34
ubuntucve
ubuntucve
CVE-2005-2390
2005-07-27 00:00:00
cve
cve
CVE-2005-2390
2005-07-27 04:00:00
freebsd
freebsd
proftpd -- format string vulnerabilities
2005-07-26 00:00:00
JSON
Related for MANDRAKE_MDKSA-2005-140.NASL
nessus4openvas6gentoo1debian4ubuntucve1cve1freebsd1