1024 matches found
proftpd -- arbitrary code execution vulnerability with chroot
The FreeBSD security advisory FreeBSD-SA-11:07.chroot reports: If ftpd is configured to place a user in a chroot environment, then an attacker who can log in as that user may be able to run arbitrary code.... Proftpd shares the same problem of a similar nature...
CentOS Update for rsync CESA-2011:0999 centos5 i386
The remote host is missing an update for the...
[Manual] Secure web server (chroot, mod-security2, etc.)
1. Theory 1.0. Problem statement We need to build a maximally secure web server based on a minimal Ubuntu distribution, namely: 1. Create a chroot "sandbox" using debootstrap 2. Install apache2, php5, mysql in the sandbox 3. Install and configure mod-security2, and also...
[SECURITY] Fedora 14 Update: pure-ftpd-1.0.32-1.fc14
Pure-FTPd is a fast, production-quality, standard-conformant FTP server, based upon Troll-FTPd. Unlike other popular FTP servers, it has no known security flaw, it is really trivial to set up and it is especially designed for modern Linux and FreeBSD kernels setfsuid, sendfile, capabilities...
[SECURITY] Fedora 15 Update: pure-ftpd-1.0.32-1.fc15
Pure-FTPd is a fast, production-quality, standard-conformant FTP server, based upon Troll-FTPd. Unlike other popular FTP servers, it has no known security flaw, it is really trivial to set up and it is especially designed for modern Linux and FreeBSD kernels setfsuid, sendfile, capabilities...
DEBIAN-CVE-2011-2167
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script...
CVE-2011-2167
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script...
Directory traversal
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script...
CVE-2011-2167
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script...
CVE-2011-2167
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script...
Fedora Update for pure-ftpd FEDORA-2011-3349
Check for the version of pure-ftpd.
[SECURITY] Fedora 14 Update: pure-ftpd-1.0.30-1.fc14
Pure-FTPd is a fast, production-quality, standard-conformant FTP server, based upon Troll-FTPd. Unlike other popular FTP servers, it has no known security flaw, it is really trivial to set up and it is especially designed for modern Linux and FreeBSD kernels setfsuid, sendfile, capabilities...
Nostromo 1.9.3 Directory Traversal
Advisory: nostromo nhttpd directory traversal leading to arbitrary command execution During a penetration test, RedTeam Pentesting discovered a directory traversal vulnerability leading to arbitrary command execution in the nostromo HTTP server. Details ======= Product: nostromo nhttpd Affected...
Security fix for the ALT Linux 8 package postgresql11 version 9.0.3-alt1
Feb. 2, 2011 Vladimir V Kamarzin 9.0.3-alt1 - 9.0.3. Fixes CVE-2010-4015. - Chroot scripts: exit silently when PGCHROOTDIR is not set. - Initscript: remove LOCKFILE when stopping the service...
Security fix for the ALT Linux 8 package postgresql9.6 version 9.0.3-alt1
Feb. 2, 2011 Vladimir V Kamarzin 9.0.3-alt1 - 9.0.3 Fixes CVE-2010-4015. - Chroot scripts: exit silently when PGCHROOTDIR is not set. - Initscript: remove LOCKFILE when stopping the service...
Security fix for the ALT Linux 8 package postgresql10 version 9.0.3-alt1
Feb. 2, 2011 Vladimir V Kamarzin 9.0.3-alt1 - 9.0.3 Fixes CVE-2010-4015. - Chroot scripts: exit silently when PGCHROOTDIR is not set. - Initscript: remove LOCKFILE when stopping the service...
Security fix for the ALT Linux 9 package postgresql12 version 9.0.3-alt1
Feb. 2, 2011 Vladimir V Kamarzin 9.0.3-alt1 - 9.0.3 Fixes CVE-2010-4015. - Chroot scripts: exit silently when PGCHROOTDIR is not set. - Initscript: remove LOCKFILE when stopping the service...
Security fix for the ALT Linux 8 package postgresql12 version 9.0.3-alt1
Feb. 2, 2011 Vladimir V Kamarzin 9.0.3-alt1 - 9.0.3. Fixes CVE-2010-4015. - Chroot scripts: exit silently when PGCHROOTDIR is not set. - Initscript: remove LOCKFILE when stopping the service...
rssh -- configuration restrictions bypass
Derek Martin rssh maintainer reports: John Barber reported a problem where, if the system administrator misconfigures rssh by providing too few access bits in the configuration file, the user will be given default permissions scp to the entire system, potentially circumventing any configured...
Fedora 11 : openssh-5.2p1-6.fc11 (2010-5429)
Rollback chroot patch