Debian Security Advisory DSA 1222-1 (proftpd)

Debian Advisory DSA 1222-1 proftpd update for remote code execution and denial of servic

Reporter	Title	Published	Views	Family All 66
ALT Linux	Security fix for the ALT Linux 8 package proftpd version 1.3.0rel-alt1.3	14 Nov 200600:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 8 package proftpd version 1.3.0rel-alt2	16 May 200700:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 8 package proftpd version 1.3.0rel-alt1.2	13 Nov 200600:00	–	altlinux
FreeBSD	proftpd -- remote code execution vulnerabilities	10 Nov 200600:00	–	freebsd
Tenable Nessus	ProFTPD Command Truncation Cross-Site Request Forgery	22 Sep 200800:00	–	nessus
Tenable Nessus	Debian DSA-1218-1 : proftpd - programming error	22 Nov 200600:00	–	nessus
Tenable Nessus	Debian DSA-1222-2 : proftpd - several vulnerabilities	4 Dec 200600:00	–	nessus
Tenable Nessus	FreeBSD : proftpd -- remote code execution vulnerabilities (3f851b22-89fb-11db-a937-003048116330)	30 Dec 200600:00	–	nessus
Tenable Nessus	GLSA-200611-26 : ProFTPD: Remote execution of arbitrary code	4 Dec 200600:00	–	nessus
Tenable Nessus	Mandrake Linux Security Advisory : proftpd (MDKSA-2006:217-1)	18 Feb 200700:00	–	nessus

# OpenVAS Vulnerability Test
# $Id: deb_1222_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 1222-1
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largerly excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_solution = "For the stable distribution (sarge) these problem has been fixed in version
1.2.10-15sarge3.

For the unstable distribution (sid) this problem has been fixed in
version 1.3.0-16 of the proftpd-dfsg package.

We recommend that you upgrade your proftpd package.

 https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201222-1";
tag_summary = "The remote host is missing an update to proftpd
announced via advisory DSA 1222-1.

Several remote vulnerabilities have been discovered in the proftpd FTP
daemon, which may lead to the execution of arbitrary code or denial
of service. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2006-5815

It was discovered that a buffer overflow in the sreplace() function
may lead to denial of service and possibly the execution of arbitrary
code.

CVE-2006-6170

It was discovered that a buffer overflow in the mod_tls addon module
may lead to the execution of arbitrary code.

CVE-2006-6171

It was discovered that insufficient validation of FTP command buffer
size limits may lead to denial of service. Due to unclear information
this issue was already fixed in DSA-1218 as CVE-2006-5815.";


if(description)
{
 script_id(57683);
 script_version("$Revision: 6616 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
 script_tag(name:"creation_date", value:"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)");
 script_cve_id("CVE-2006-5815", "CVE-2006-6170", "CVE-2006-6171");
 script_tag(name:"cvss_base", value:"10.0");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_name("Debian Security Advisory DSA 1222-1 (proftpd)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com");
 script_family("Debian Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"proftpd-doc", ver:"1.2.10-15sarge3", rls:"DEB3.1")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"proftpd", ver:"1.2.10-15sarge3", rls:"DEB3.1")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"proftpd-common", ver:"1.2.10-15sarge3", rls:"DEB3.1")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"proftpd-ldap", ver:"1.2.10-15sarge3", rls:"DEB3.1")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"proftpd-mysql", ver:"1.2.10-15sarge3", rls:"DEB3.1")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"proftpd-pgsql", ver:"1.2.10-15sarge3", rls:"DEB3.1")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

07 Jul 2017 00:00Current

1.4Low risk

Vulners AI Score1.4

EPSS0.74734