Package : proftpd-dfsg
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4130
Debian Bug : 648373
Several vulnerabilities were discovered in ProFTPD, an FTP server:
ProFTPD incorrectly uses data from an unencrypted input buffer
after encryption has been enabled with STARTTLS, an issue
similar to CVE-2011-0411.
CVE-2011-4130
ProFTPD uses a response pool after freeing it under
exceptional conditions, possibly leading to remote code
execution. (The version in lenny is not affected by this
problem.)
For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.1-17lenny8.
For the stable distribution (squeeze), this problem has been fixed in
version 1.3.3a-6squeeze4.
For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 1.3.4~rc3-2.
We recommend that you upgrade your proftpd-dfsg packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
{"id": "SECURITYVULNS:DOC:27326", "bulletinFamily": "software", "title": "[SECURITY] [DSA 2346-1] proftpd-dfsg security update", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2346-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nNovember 15, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : proftpd-dfsg\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-4130\r\nDebian Bug : 648373\r\n\r\nSeveral vulnerabilities were discovered in ProFTPD, an FTP server:\r\n\r\n ProFTPD incorrectly uses data from an unencrypted input buffer\r\n after encryption has been enabled with STARTTLS, an issue\r\n similar to CVE-2011-0411.\r\n\r\nCVE-2011-4130\r\n ProFTPD uses a response pool after freeing it under\r\n exceptional conditions, possibly leading to remote code\r\n execution. (The version in lenny is not affected by this\r\n problem.)\r\n\r\nFor the oldstable distribution (lenny), this problem has been fixed in\r\nversion 1.3.1-17lenny8.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 1.3.3a-6squeeze4.\r\n\r\nFor the testing distribution (wheezy) and the unstable distribution\r\n(sid), this problem has been fixed in version 1.3.4~rc3-2.\r\n\r\nWe recommend that you upgrade your proftpd-dfsg packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niQEcBAEBAgAGBQJOwtBGAAoJEL97/wQC1SS+qHcIALRWXUJlJ6Ufbh4DP1+ibjwW\r\nlyJmGf+XKWCYT65jYjXzC+zDzjAGHvkwy1Vqwl7y7SD38h5/bYlr4O2n5BdwdPYA\r\nN5rcdFtse8XXGGBrN8x4OjSgmson2gWy8cxCG3cgtLa3+815frrDc9PlZYM+wsIK\r\nyfY4xEIV2cisJdy9wpOTLZJvAt6Hv2lp7vGEBM21wAbkxl5/anLvsij2E1FBNSNp\r\n2fUxT4kAl7p39rL8103rCL/D0TreP62n5wuILGuikxdW8/c1ZRG9aaBWMRraUZ6V\r\nUWYRPdjD+kjVidzukxYRLrf/VN7RmsqKsQNz5fez+pRRRfjoCdmVzSLGvSNs5C4=\r\n=YlU+\r\n-----END PGP SIGNATURE-----\r\n", "published": "2011-11-21T00:00:00", "modified": "2011-11-21T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27326", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2011-4130", "CVE-2011-0411"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:42", "edition": 1, "viewCount": 27, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2018-08-31T11:10:42", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-4130", "CVE-2011-0411"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310863630", "OPENVAS:70559", "OPENVAS:863630", "OPENVAS:863897", "OPENVAS:1361412562310831503", "OPENVAS:136141256231071967", "OPENVAS:70560", "OPENVAS:1361412562310863897", "OPENVAS:71967", "OPENVAS:136141256231070559"]}, {"type": "nessus", "idList": ["SLACKWARE_SSA_2012-041-04.NASL", "MANDRIVA_MDVSA-2011-181.NASL", "FEDORA_2011-15741.NASL", "OPENSUSE-2011-19.NASL", "PROFTPD_1_3_3G.NASL", "FEDORA_2011-15740.NASL", "SOLARIS11_PROFTPD_20120119.NASL", "DEBIAN_DSA-2346.NASL", "SUSE_11_4_POSTFIX-110330.NASL", "FEDORA_2011-15765.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2346-1:5B734"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:25899", "SECURITYVULNS:VULN:12046"]}, {"type": "slackware", "idList": ["SSA-2012-041-04"]}, {"type": "fedora", "idList": ["FEDORA:512DE27FD6", "FEDORA:D5FD3110BA8", "FEDORA:ED2D0110E6F", "FEDORA:BDA9F21436", "FEDORA:76E8B2161B", "FEDORA:A8B072132F"]}, {"type": "seebug", "idList": ["SSV:26016", "SSV:24282"]}, {"type": "freebsd", "idList": ["14A6F516-502F-11E0-B448-BBFA2731F9C7"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0423"]}, {"type": "redhat", "idList": ["RHSA-2011:0423"]}, {"type": "hackerone", "idList": ["H1:953219"]}], "modified": "2018-08-31T11:10:42", "rev": 2}, "vulnersScore": 6.4}, "affectedSoftware": []}
{"cve": [{"lastseen": "2020-12-09T19:39:11", "description": "Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.", "edition": 5, "cvss3": {}, "published": "2011-12-06T11:55:00", "title": "CVE-2011-4130", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4130"], "modified": "2011-12-08T05:00:00", "cpe": ["cpe:/a:proftpd:proftpd:1.2.5", "cpe:/a:proftpd:proftpd:1.3.2", "cpe:/a:proftpd:proftpd:1.3.1", "cpe:/a:proftpd:proftpd:1.2.0", "cpe:/a:proftpd:proftpd:1.2.4", "cpe:/a:proftpd:proftpd:1.2.10", "cpe:/a:proftpd:proftpd:1.2.6", "cpe:/a:proftpd:proftpd:1.2.9", "cpe:/a:proftpd:proftpd:1.3.0", "cpe:/a:proftpd:proftpd:1.2.2", "cpe:/a:proftpd:proftpd:1.2.3", "cpe:/a:proftpd:proftpd:1.2.8", "cpe:/a:proftpd:proftpd:1.3.3", "cpe:/a:proftpd:proftpd:1.2.7", "cpe:/a:proftpd:proftpd:1.2.1"], "id": "CVE-2011-4130", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4130", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:proftpd:proftpd:1.3.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.3:d:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.0:a:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.10:rc3:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.0:pre10:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.0:pre9:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.3:e:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.9:rc3:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.10:rc2:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.8:rc2:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.2:rc4:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.3:c:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.3:f:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.2:rc3:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.3:a:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.9:rc1:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.3:rc4:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.3:rc3:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.9:rc2:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.8:rc1:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.3:b:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.2:rc3:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.5:rc2:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.7:rc3:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.5:rc3:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.2.0:rc2:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:39:23", "description": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack.", "edition": 3, "cvss3": {}, "published": "2011-03-16T22:55:00", "title": "CVE-2011-0411", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0411"], "modified": "2017-08-17T01:33:00", "cpe": ["cpe:/a:postfix:postfix:2.6.1", "cpe:/a:postfix:postfix:2.4.11", "cpe:/a:postfix:postfix:2.4.8", "cpe:/a:postfix:postfix:2.4.7", "cpe:/a:postfix:postfix:2.6.5", "cpe:/a:postfix:postfix:2.4.6", "cpe:/a:postfix:postfix:2.5.1", "cpe:/a:postfix:postfix:2.4.9", "cpe:/a:postfix:postfix:2.6.4", "cpe:/a:postfix:postfix:2.5.2", "cpe:/a:postfix:postfix:2.5.0", "cpe:/a:postfix:postfix:2.5.7", "cpe:/a:postfix:postfix:2.7.2", "cpe:/a:postfix:postfix:2.5.10", "cpe:/a:postfix:postfix:2.6.8", "cpe:/a:postfix:postfix:2.4.15", "cpe:/a:postfix:postfix:2.4.4", "cpe:/a:postfix:postfix:2.6", "cpe:/a:postfix:postfix:2.4.10", "cpe:/a:postfix:postfix:2.6.2", "cpe:/a:postfix:postfix:2.5.3", "cpe:/a:postfix:postfix:2.4.3", "cpe:/a:postfix:postfix:2.5.11", "cpe:/a:postfix:postfix:2.5.4", "cpe:/a:postfix:postfix:2.6.6", "cpe:/a:postfix:postfix:2.4.0", "cpe:/a:postfix:postfix:2.4", "cpe:/a:postfix:postfix:2.7.1", "cpe:/a:postfix:postfix:2.7.0", "cpe:/a:postfix:postfix:2.4.5", "cpe:/a:postfix:postfix:2.5.5", "cpe:/a:postfix:postfix:2.4.12", "cpe:/a:postfix:postfix:2.6.0", "cpe:/a:postfix:postfix:2.6.3", "cpe:/a:postfix:postfix:2.4.1", "cpe:/a:postfix:postfix:2.5.6", "cpe:/a:postfix:postfix:2.4.2", "cpe:/a:postfix:postfix:2.4.14", "cpe:/a:postfix:postfix:2.5.9", "cpe:/a:postfix:postfix:2.6.7", "cpe:/a:postfix:postfix:2.5.8", "cpe:/a:postfix:postfix:2.4.13"], "id": "CVE-2011-0411", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0411", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:postfix:postfix:2.6.2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:50:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130", "CVE-2011-0411"], "description": "The remote host is missing an update to proftpd-dfsg\nannounced via advisory DSA 2346-1.", "modified": "2017-07-07T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:70559", "href": "http://plugins.openvas.org/nasl.php?oid=70559", "type": "openvas", "title": "Debian Security Advisory DSA 2346-1 (proftpd-dfsg)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2346_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2346-1 (proftpd-dfsg)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in ProFTPD, an FTP server:\n\nProFTPD incorrectly uses data from an unencrypted input buffer\nafter encryption has been enabled with STARTTLS, an issue\nsimilar to CVE-2011-0411.\n\nCVE-2011-4130\nProFTPD uses a response pool after freeing it under\nexceptional conditions, possibly leading to remote code\nexecution. (The version in lenny is not affected by this\nproblem.)\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.1-17lenny8.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.3.3a-6squeeze4.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1.3.4~rc3-2.\n\nWe recommend that you upgrade your proftpd-dfsg packages.\";\ntag_summary = \"The remote host is missing an update to proftpd-dfsg\nannounced via advisory DSA 2346-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202346-1\";\n\nif(description)\n{\n script_id(70559);\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-4130\", \"CVE-2011-0411\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:29:49 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2346-1 (proftpd-dfsg)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"proftpd\", ver:\"1.3.1-17lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-basic\", ver:\"1.3.1-17lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-doc\", ver:\"1.3.1-17lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-ldap\", ver:\"1.3.1-17lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-mysql\", ver:\"1.3.1-17lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-pgsql\", ver:\"1.3.1-17lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-basic\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-dev\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-doc\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-ldap\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-mysql\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-odbc\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-pgsql\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-sqlite\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-basic\", ver:\"1.3.4a-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-dev\", ver:\"1.3.4a-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-doc\", ver:\"1.3.4a-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-ldap\", ver:\"1.3.4a-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-mysql\", ver:\"1.3.4a-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-odbc\", ver:\"1.3.4a-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-pgsql\", ver:\"1.3.4a-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-sqlite\", ver:\"1.3.4a-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130", "CVE-2011-0411"], "description": "The remote host is missing an update to proftpd-dfsg\nannounced via advisory DSA 2346-1.", "modified": "2019-03-18T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:136141256231070559", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070559", "type": "openvas", "title": "Debian Security Advisory DSA 2346-1 (proftpd-dfsg)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2346_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2346-1 (proftpd-dfsg)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70559\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-4130\", \"CVE-2011-0411\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:29:49 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2346-1 (proftpd-dfsg)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202346-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in ProFTPD, an FTP server:\n\nProFTPD incorrectly uses data from an unencrypted input buffer\nafter encryption has been enabled with STARTTLS, an issue\nsimilar to CVE-2011-0411.\n\nCVE-2011-4130\nProFTPD uses a response pool after freeing it under\nexceptional conditions, possibly leading to remote code\nexecution. (The version in lenny is not affected by this\nproblem.)\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.1-17lenny8.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.3.3a-6squeeze4.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1.3.4~rc3-2.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your proftpd-dfsg packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to proftpd-dfsg\nannounced via advisory DSA 2346-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"proftpd\", ver:\"1.3.1-17lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-basic\", ver:\"1.3.1-17lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-doc\", ver:\"1.3.1-17lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-ldap\", ver:\"1.3.1-17lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-mysql\", ver:\"1.3.1-17lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-pgsql\", ver:\"1.3.1-17lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-basic\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-dev\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-doc\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-ldap\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-mysql\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-odbc\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-pgsql\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-sqlite\", ver:\"1.3.3a-6squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-basic\", ver:\"1.3.4a-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-dev\", ver:\"1.3.4a-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-doc\", ver:\"1.3.4a-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-ldap\", ver:\"1.3.4a-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-mysql\", ver:\"1.3.4a-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-odbc\", ver:\"1.3.4a-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-pgsql\", ver:\"1.3.4a-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-sqlite\", ver:\"1.3.4a-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2012-041-04.", "modified": "2017-07-06T00:00:00", "published": "2012-09-10T00:00:00", "id": "OPENVAS:71967", "href": "http://plugins.openvas.org/nasl.php?oid=71967", "type": "openvas", "title": "Slackware Advisory SSA:2012-041-04 proftpd ", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2012_041_04.nasl 6581 2017-07-06 13:58:51Z cfischer $\n# Description: Auto-generated from advisory SSA:2012-041-04\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\n13.1, 13.37, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2012-041-04.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2012-041-04\";\n \nif(description)\n{\n script_id(71967);\n script_cve_id(\"CVE-2011-4130\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_version(\"$Revision: 6581 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:58:51 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-10 07:16:18 -0400 (Mon, 10 Sep 2012)\");\n script_name(\"Slackware Advisory SSA:2012-041-04 proftpd \");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"proftpd\", ver:\"1.3.4a-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"proftpd\", ver:\"1.3.4a-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"proftpd\", ver:\"1.3.4a-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"proftpd\", ver:\"1.3.4a-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"proftpd\", ver:\"1.3.4a-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"proftpd\", ver:\"1.3.4a-i486-1_slack13.1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"proftpd\", ver:\"1.3.4a-i486-1_slack13.37\", rls:\"SLK13.37\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-28T15:29:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "description": "The remote host is missing an update to proftpd-dfsg\nannounced via advisory DSA 2346-2.", "modified": "2018-02-28T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:70560", "href": "http://plugins.openvas.org/nasl.php?oid=70560", "type": "openvas", "title": "Debian Security Advisory DSA 2346-2 (proftpd-dfsg)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2346_2.nasl 8972 2018-02-28 07:02:10Z cfischer $\n# Description: Auto-generated from advisory DSA 2346-2 (proftpd-dfsg)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ProFTPD security update, DSA-2346-1, introduced a regression,\npreventing successful TLS connections. This regression does not\naffected the stable distribution (squeeze), nor the testing and\nunstable distributions.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.1-17lenny9.\n\nWe recommend that you upgrade your proftpd-dfsg packages.\";\ntag_summary = \"The remote host is missing an update to proftpd-dfsg\nannounced via advisory DSA 2346-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202346-2\";\n\nif(description)\n{\n script_id(70560);\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_version(\"$Revision: 8972 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-28 08:02:10 +0100 (Wed, 28 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:30:05 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2346-2 (proftpd-dfsg)\");\n script_cve_id(\"CVE-2011-4130\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"proftpd\", ver:\"1.3.1-17lenny9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-basic\", ver:\"1.3.1-17lenny9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-doc\", ver:\"1.3.1-17lenny9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-ldap\", ver:\"1.3.1-17lenny9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-mysql\", ver:\"1.3.1-17lenny9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-pgsql\", ver:\"1.3.1-17lenny9\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:58:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "description": "Check for the Version of proftpd", "modified": "2017-12-28T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:863897", "href": "http://plugins.openvas.org/nasl.php?oid=863897", "type": "openvas", "title": "Fedora Update for proftpd FEDORA-2011-15765", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for proftpd FEDORA-2011-15765\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ProFTPD is an enhanced FTP server with a focus toward simplicity, security,\n and ease of configuration. It features a very Apache-like configuration\n syntax, and a highly customizable server infrastructure, including support for\n multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory\n visibility.\n\n This package defaults to the standalone behavior of ProFTPD, but all the\n needed scripts to have it run by xinetd instead are included.\";\n\ntag_affected = \"proftpd on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069449.html\");\n script_id(863897);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:30:38 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-4130\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-15765\");\n script_name(\"Fedora Update for proftpd FEDORA-2011-15765\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of proftpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"proftpd\", rpm:\"proftpd~1.3.4~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-12-09T00:00:00", "id": "OPENVAS:1361412562310831503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831503", "type": "openvas", "title": "Mandriva Update for proftpd MDVSA-2011:181 (proftpd)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for proftpd MDVSA-2011:181 (proftpd)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-12/msg00003.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831503\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 10:54:48 +0530 (Fri, 09 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:181\");\n script_cve_id(\"CVE-2011-4130\");\n script_name(\"Mandriva Update for proftpd MDVSA-2011:181 (proftpd)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'proftpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1)\");\n script_tag(name:\"affected\", value:\"proftpd on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"A vulnerability was discovered and fixed in proftpd:\n\n Use-after-free vulnerability in the Response API in ProFTPD before\n 1.3.3g allows remote authenticated users to execute arbitrary code\n via vectors involving an error that occurs after an FTP data transfer\n (CVE-2011-4130).\n\n The updated packages have been upgraded to the latest version 1.3.3g\n which is not vulnerable to this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"proftpd\", rpm:\"proftpd~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-devel\", rpm:\"proftpd-devel~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_autohost\", rpm:\"proftpd-mod_autohost~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ban\", rpm:\"proftpd-mod_ban~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_case\", rpm:\"proftpd-mod_case~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ctrls_admin\", rpm:\"proftpd-mod_ctrls_admin~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_gss\", rpm:\"proftpd-mod_gss~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ifsession\", rpm:\"proftpd-mod_ifsession~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ldap\", rpm:\"proftpd-mod_ldap~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_load\", rpm:\"proftpd-mod_load~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab\", rpm:\"proftpd-mod_quotatab~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_file\", rpm:\"proftpd-mod_quotatab_file~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_ldap\", rpm:\"proftpd-mod_quotatab_ldap~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_radius\", rpm:\"proftpd-mod_quotatab_radius~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_sql\", rpm:\"proftpd-mod_quotatab_sql~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_radius\", rpm:\"proftpd-mod_radius~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ratio\", rpm:\"proftpd-mod_ratio~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_rewrite\", rpm:\"proftpd-mod_rewrite~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sftp\", rpm:\"proftpd-mod_sftp~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sftp_pam\", rpm:\"proftpd-mod_sftp_pam~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sftp_sql\", rpm:\"proftpd-mod_sftp_sql~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_shaper\", rpm:\"proftpd-mod_shaper~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_site_misc\", rpm:\"proftpd-mod_site_misc~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql\", rpm:\"proftpd-mod_sql~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_mysql\", rpm:\"proftpd-mod_sql_mysql~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_passwd\", rpm:\"proftpd-mod_sql_passwd~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_postgres\", rpm:\"proftpd-mod_sql_postgres~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_sqlite\", rpm:\"proftpd-mod_sql_sqlite~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_time\", rpm:\"proftpd-mod_time~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_tls\", rpm:\"proftpd-mod_tls~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_tls_shmcache\", rpm:\"proftpd-mod_tls_shmcache~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_vroot\", rpm:\"proftpd-mod_vroot~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_wrap\", rpm:\"proftpd-mod_wrap~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_wrap_file\", rpm:\"proftpd-mod_wrap_file~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_wrap_sql\", rpm:\"proftpd-mod_wrap_sql~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"proftpd\", rpm:\"proftpd~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-devel\", rpm:\"proftpd-devel~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_autohost\", rpm:\"proftpd-mod_autohost~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ban\", rpm:\"proftpd-mod_ban~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_case\", rpm:\"proftpd-mod_case~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ctrls_admin\", rpm:\"proftpd-mod_ctrls_admin~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_gss\", rpm:\"proftpd-mod_gss~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ifsession\", rpm:\"proftpd-mod_ifsession~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ldap\", rpm:\"proftpd-mod_ldap~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_load\", rpm:\"proftpd-mod_load~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab\", rpm:\"proftpd-mod_quotatab~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_file\", rpm:\"proftpd-mod_quotatab_file~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_ldap\", rpm:\"proftpd-mod_quotatab_ldap~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_radius\", rpm:\"proftpd-mod_quotatab_radius~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_sql\", rpm:\"proftpd-mod_quotatab_sql~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_radius\", rpm:\"proftpd-mod_radius~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ratio\", rpm:\"proftpd-mod_ratio~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_rewrite\", rpm:\"proftpd-mod_rewrite~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sftp\", rpm:\"proftpd-mod_sftp~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sftp_pam\", rpm:\"proftpd-mod_sftp_pam~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sftp_sql\", rpm:\"proftpd-mod_sftp_sql~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_shaper\", rpm:\"proftpd-mod_shaper~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_site_misc\", rpm:\"proftpd-mod_site_misc~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql\", rpm:\"proftpd-mod_sql~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_mysql\", rpm:\"proftpd-mod_sql_mysql~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_passwd\", rpm:\"proftpd-mod_sql_passwd~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_postgres\", rpm:\"proftpd-mod_sql_postgres~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_sqlite\", rpm:\"proftpd-mod_sql_sqlite~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_time\", rpm:\"proftpd-mod_time~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_tls\", rpm:\"proftpd-mod_tls~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_tls_shmcache\", rpm:\"proftpd-mod_tls_shmcache~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_vroot\", rpm:\"proftpd-mod_vroot~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_wrap\", rpm:\"proftpd-mod_wrap~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_wrap_file\", rpm:\"proftpd-mod_wrap_file~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_wrap_sql\", rpm:\"proftpd-mod_wrap_sql~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "description": "Check for the Version of proftpd", "modified": "2017-07-10T00:00:00", "published": "2011-11-21T00:00:00", "id": "OPENVAS:863630", "href": "http://plugins.openvas.org/nasl.php?oid=863630", "type": "openvas", "title": "Fedora Update for proftpd FEDORA-2011-15740", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for proftpd FEDORA-2011-15740\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ProFTPD is an enhanced FTP server with a focus toward simplicity, security,\n and ease of configuration. It features a very Apache-like configuration\n syntax, and a highly customizable server infrastructure, including support for\n multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory\n visibility.\n\n This package defaults to the standalone behavior of ProFTPD, but all the\n needed scripts to have it run by xinetd instead are included.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"proftpd on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069487.html\");\n script_id(863630);\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-21 09:34:59 +0530 (Mon, 21 Nov 2011)\");\n script_xref(name: \"FEDORA\", value: \"2011-15740\");\n script_cve_id(\"CVE-2011-4130\");\n script_name(\"Fedora Update for proftpd FEDORA-2011-15740\");\n\n script_summary(\"Check for the Version of proftpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"proftpd\", rpm:\"proftpd~1.3.4~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-11-21T00:00:00", "id": "OPENVAS:1361412562310863630", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863630", "type": "openvas", "title": "Fedora Update for proftpd FEDORA-2011-15740", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for proftpd FEDORA-2011-15740\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069487.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863630\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-21 09:34:59 +0530 (Mon, 21 Nov 2011)\");\n script_xref(name:\"FEDORA\", value:\"2011-15740\");\n script_cve_id(\"CVE-2011-4130\");\n script_name(\"Fedora Update for proftpd FEDORA-2011-15740\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'proftpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"proftpd on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"proftpd\", rpm:\"proftpd~1.3.4~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "description": "Check for the Version of proftpd", "modified": "2017-07-06T00:00:00", "published": "2011-12-09T00:00:00", "id": "OPENVAS:831503", "href": "http://plugins.openvas.org/nasl.php?oid=831503", "type": "openvas", "title": "Mandriva Update for proftpd MDVSA-2011:181 (proftpd)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for proftpd MDVSA-2011:181 (proftpd)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and fixed in proftpd:\n\n Use-after-free vulnerability in the Response API in ProFTPD before\n 1.3.3g allows remote authenticated users to execute arbitrary code\n via vectors involving an error that occurs after an FTP data transfer\n (CVE-2011-4130).\n\n The updated packages have been upgraded to the latest version 1.3.3g\n which is not vulnerable to this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"proftpd on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-12/msg00003.php\");\n script_id(831503);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 10:54:48 +0530 (Fri, 09 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:181\");\n script_cve_id(\"CVE-2011-4130\");\n script_name(\"Mandriva Update for proftpd MDVSA-2011:181 (proftpd)\");\n\n script_summary(\"Check for the Version of proftpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"proftpd\", rpm:\"proftpd~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-devel\", rpm:\"proftpd-devel~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_autohost\", rpm:\"proftpd-mod_autohost~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ban\", rpm:\"proftpd-mod_ban~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_case\", rpm:\"proftpd-mod_case~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ctrls_admin\", rpm:\"proftpd-mod_ctrls_admin~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_gss\", rpm:\"proftpd-mod_gss~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ifsession\", rpm:\"proftpd-mod_ifsession~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ldap\", rpm:\"proftpd-mod_ldap~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_load\", rpm:\"proftpd-mod_load~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab\", rpm:\"proftpd-mod_quotatab~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_file\", rpm:\"proftpd-mod_quotatab_file~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_ldap\", rpm:\"proftpd-mod_quotatab_ldap~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_radius\", rpm:\"proftpd-mod_quotatab_radius~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_sql\", rpm:\"proftpd-mod_quotatab_sql~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_radius\", rpm:\"proftpd-mod_radius~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ratio\", rpm:\"proftpd-mod_ratio~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_rewrite\", rpm:\"proftpd-mod_rewrite~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sftp\", rpm:\"proftpd-mod_sftp~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sftp_pam\", rpm:\"proftpd-mod_sftp_pam~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sftp_sql\", rpm:\"proftpd-mod_sftp_sql~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_shaper\", rpm:\"proftpd-mod_shaper~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_site_misc\", rpm:\"proftpd-mod_site_misc~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql\", rpm:\"proftpd-mod_sql~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_mysql\", rpm:\"proftpd-mod_sql_mysql~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_passwd\", rpm:\"proftpd-mod_sql_passwd~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_postgres\", rpm:\"proftpd-mod_sql_postgres~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_sqlite\", rpm:\"proftpd-mod_sql_sqlite~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_time\", rpm:\"proftpd-mod_time~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_tls\", rpm:\"proftpd-mod_tls~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_tls_shmcache\", rpm:\"proftpd-mod_tls_shmcache~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_vroot\", rpm:\"proftpd-mod_vroot~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_wrap\", rpm:\"proftpd-mod_wrap~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_wrap_file\", rpm:\"proftpd-mod_wrap_file~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_wrap_sql\", rpm:\"proftpd-mod_wrap_sql~1.3.3g~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"proftpd\", rpm:\"proftpd~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-devel\", rpm:\"proftpd-devel~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_autohost\", rpm:\"proftpd-mod_autohost~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ban\", rpm:\"proftpd-mod_ban~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_case\", rpm:\"proftpd-mod_case~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ctrls_admin\", rpm:\"proftpd-mod_ctrls_admin~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_gss\", rpm:\"proftpd-mod_gss~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ifsession\", rpm:\"proftpd-mod_ifsession~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ldap\", rpm:\"proftpd-mod_ldap~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_load\", rpm:\"proftpd-mod_load~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab\", rpm:\"proftpd-mod_quotatab~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_file\", rpm:\"proftpd-mod_quotatab_file~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_ldap\", rpm:\"proftpd-mod_quotatab_ldap~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_radius\", rpm:\"proftpd-mod_quotatab_radius~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_quotatab_sql\", rpm:\"proftpd-mod_quotatab_sql~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_radius\", rpm:\"proftpd-mod_radius~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_ratio\", rpm:\"proftpd-mod_ratio~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_rewrite\", rpm:\"proftpd-mod_rewrite~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sftp\", rpm:\"proftpd-mod_sftp~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sftp_pam\", rpm:\"proftpd-mod_sftp_pam~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sftp_sql\", rpm:\"proftpd-mod_sftp_sql~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_shaper\", rpm:\"proftpd-mod_shaper~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_site_misc\", rpm:\"proftpd-mod_site_misc~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql\", rpm:\"proftpd-mod_sql~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_mysql\", rpm:\"proftpd-mod_sql_mysql~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_passwd\", rpm:\"proftpd-mod_sql_passwd~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_postgres\", rpm:\"proftpd-mod_sql_postgres~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_sql_sqlite\", rpm:\"proftpd-mod_sql_sqlite~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_time\", rpm:\"proftpd-mod_time~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_tls\", rpm:\"proftpd-mod_tls~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_tls_shmcache\", rpm:\"proftpd-mod_tls_shmcache~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_vroot\", rpm:\"proftpd-mod_vroot~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_wrap\", rpm:\"proftpd-mod_wrap~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_wrap_file\", rpm:\"proftpd-mod_wrap_file~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"proftpd-mod_wrap_sql\", rpm:\"proftpd-mod_wrap_sql~1.3.3g~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "description": "The remote host is missing an update to proftpd-dfsg\nannounced via advisory DSA 2346-2.", "modified": "2019-03-18T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:136141256231070560", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070560", "type": "openvas", "title": "Debian Security Advisory DSA 2346-2 (proftpd-dfsg)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2346_2.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2346-2 (proftpd-dfsg)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70560\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:30:05 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2346-2 (proftpd-dfsg)\");\n script_cve_id(\"CVE-2011-4130\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB5\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202346-2\");\n script_tag(name:\"insight\", value:\"The ProFTPD security update, DSA-2346-1, introduced a regression,\npreventing successful TLS connections. This regression does not\naffected the stable distribution (squeeze), nor the testing and\nunstable distributions.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.1-17lenny9.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your proftpd-dfsg packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to proftpd-dfsg\nannounced via advisory DSA 2346-2.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"proftpd\", ver:\"1.3.1-17lenny9\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-basic\", ver:\"1.3.1-17lenny9\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-doc\", ver:\"1.3.1-17lenny9\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-ldap\", ver:\"1.3.1-17lenny9\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-mysql\", ver:\"1.3.1-17lenny9\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"proftpd-mod-pgsql\", ver:\"1.3.1-17lenny9\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T09:47:07", "description": "Several vulnerabilities were discovered in ProFTPD, an FTP server :\n\n - (No CVE id)\n ProFTPD incorrectly uses data from an unencrypted input\n buffer after encryption has been enabled with STARTTLS,\n an issue similar to CVE-2011-0411.\n\n - CVE-2011-4130\n ProFTPD uses a response pool after freeing it under\n exceptional conditions, possibly leading to remote code\n execution. (The version in lenny is not affected by this\n problem.)", "edition": 16, "published": "2011-11-16T00:00:00", "title": "Debian DSA-2346-2 : proftpd-dfsg - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130", "CVE-2011-0411"], "modified": "2011-11-16T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:proftpd-dfsg", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2346.NASL", "href": "https://www.tenable.com/plugins/nessus/56850", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2346. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56850);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4130\");\n script_bugtraq_id(50631);\n script_xref(name:\"DSA\", value:\"2346\");\n\n script_name(english:\"Debian DSA-2346-2 : proftpd-dfsg - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in ProFTPD, an FTP server :\n\n - (No CVE id)\n ProFTPD incorrectly uses data from an unencrypted input\n buffer after encryption has been enabled with STARTTLS,\n an issue similar to CVE-2011-0411.\n\n - CVE-2011-4130\n ProFTPD uses a response pool after freeing it under\n exceptional conditions, possibly leading to remote code\n execution. (The version in lenny is not affected by this\n problem.)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/proftpd-dfsg\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2346\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the proftpd-dfsg packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.1-17lenny9.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.3.3a-6squeeze4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:proftpd-dfsg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"proftpd-dfsg\", reference:\"1.3.1-17lenny9\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"proftpd-basic\", reference:\"1.3.3a-6squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"proftpd-dev\", reference:\"1.3.3a-6squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"proftpd-doc\", reference:\"1.3.3a-6squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"proftpd-mod-ldap\", reference:\"1.3.3a-6squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"proftpd-mod-mysql\", reference:\"1.3.3a-6squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"proftpd-mod-odbc\", reference:\"1.3.3a-6squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"proftpd-mod-pgsql\", reference:\"1.3.3a-6squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"proftpd-mod-sqlite\", reference:\"1.3.3a-6squeeze4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:53:31", "description": "A vulnerability was discovered and fixed in proftpd :\n\nUse-after-free vulnerability in the Response API in ProFTPD before\n1.3.3g allows remote authenticated users to execute arbitrary code via\nvectors involving an error that occurs after an FTP data transfer\n(CVE-2011-4130).\n\nThe updated packages have been upgraded to the latest version 1.3.3g\nwhich is not vulnerable to this issue.", "edition": 24, "published": "2011-12-08T00:00:00", "title": "Mandriva Linux Security Advisory : proftpd (MDVSA-2011:181)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "modified": "2011-12-08T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_sql", "cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:proftpd-mod_load", "p-cpe:/a:mandriva:linux:proftpd-mod_ctrls_admin", "p-cpe:/a:mandriva:linux:proftpd-mod_site_misc", "p-cpe:/a:mandriva:linux:proftpd-mod_shaper", "p-cpe:/a:mandriva:linux:proftpd-mod_ifsession", "p-cpe:/a:mandriva:linux:proftpd-mod_autohost", "p-cpe:/a:mandriva:linux:proftpd-mod_sftp", "p-cpe:/a:mandriva:linux:proftpd-mod_ratio", "p-cpe:/a:mandriva:linux:proftpd-mod_tls", "p-cpe:/a:mandriva:linux:proftpd-mod_quotatab", "p-cpe:/a:mandriva:linux:proftpd-mod_case", "p-cpe:/a:mandriva:linux:proftpd-mod_vroot", "p-cpe:/a:mandriva:linux:proftpd-mod_wrap_sql", "p-cpe:/a:mandriva:linux:proftpd-mod_sftp_sql", "p-cpe:/a:mandriva:linux:proftpd-mod_ban", "p-cpe:/a:mandriva:linux:proftpd", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:proftpd-mod_wrap_file", "p-cpe:/a:mandriva:linux:proftpd-mod_ldap", "p-cpe:/a:mandriva:linux:proftpd-devel", "p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_radius", "p-cpe:/a:mandriva:linux:proftpd-mod_wrap", "p-cpe:/a:mandriva:linux:proftpd-mod_tls_shmcache", "p-cpe:/a:mandriva:linux:proftpd-mod_sql_postgres", "p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_ldap", "p-cpe:/a:mandriva:linux:proftpd-mod_rewrite", "p-cpe:/a:mandriva:linux:proftpd-mod_sql_sqlite", "p-cpe:/a:mandriva:linux:proftpd-mod_sql", "p-cpe:/a:mandriva:linux:proftpd-mod_gss", "p-cpe:/a:mandriva:linux:proftpd-mod_sql_mysql", "p-cpe:/a:mandriva:linux:proftpd-mod_sql_passwd", "p-cpe:/a:mandriva:linux:proftpd-mod_radius", "p-cpe:/a:mandriva:linux:proftpd-mod_sftp_pam", "p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_file", "p-cpe:/a:mandriva:linux:proftpd-mod_time"], "id": "MANDRIVA_MDVSA-2011-181.NASL", "href": "https://www.tenable.com/plugins/nessus/57046", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:181. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57046);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-4130\");\n script_bugtraq_id(50631);\n script_xref(name:\"MDVSA\", value:\"2011:181\");\n\n script_name(english:\"Mandriva Linux Security Advisory : proftpd (MDVSA-2011:181)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and fixed in proftpd :\n\nUse-after-free vulnerability in the Response API in ProFTPD before\n1.3.3g allows remote authenticated users to execute arbitrary code via\nvectors involving an error that occurs after an FTP data transfer\n(CVE-2011-4130).\n\nThe updated packages have been upgraded to the latest version 1.3.3g\nwhich is not vulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.proftpd.org/docs/NEWS-1.3.3g\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_autohost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ban\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_case\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ctrls_admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_gss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ifsession\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_load\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ratio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_rewrite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sftp_pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sftp_sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_shaper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_site_misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sql_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sql_passwd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sql_postgres\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sql_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_time\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_tls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_tls_shmcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_vroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_wrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_wrap_file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_wrap_sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-devel-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_autohost-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_ban-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_case-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_ctrls_admin-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_gss-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_ifsession-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_ldap-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_load-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_quotatab-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_quotatab_file-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_quotatab_ldap-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_quotatab_radius-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_quotatab_sql-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_radius-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_ratio-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_rewrite-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_sftp-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_sftp_pam-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_sftp_sql-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_shaper-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_site_misc-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_sql-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_sql_mysql-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_sql_passwd-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_sql_postgres-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_sql_sqlite-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_time-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_tls-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_tls_shmcache-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_vroot-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_wrap-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_wrap_file-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"proftpd-mod_wrap_sql-1.3.3g-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-devel-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_autohost-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_ban-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_case-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_ctrls_admin-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_gss-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_ifsession-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_ldap-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_load-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_quotatab-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_quotatab_file-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_quotatab_ldap-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_quotatab_radius-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_quotatab_sql-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_radius-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_ratio-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_rewrite-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_sftp-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_sftp_pam-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_sftp_sql-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_shaper-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_site_misc-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_sql-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_sql_mysql-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_sql_passwd-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_sql_postgres-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_sql_sqlite-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_time-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_tls-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_tls_shmcache-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_vroot-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_wrap-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_wrap_file-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"proftpd-mod_wrap_sql-1.3.3g-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:09:19", "description": "This update, to the current (and final) release for the 1.3.3\nmaintenance branch, includes a pair of security fixes :\n\n - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST\n attacks (upstream bug 3704); to disable this\n countermeasure, which may cause interoperability issues\n with some clients, use the NoEmptyFragments TLSOption\n\n - Response pool use-after-free memory corruption error\n (upstream bug 3711, #752812, ZDI-CAN-1420), in which a\n remote attacker could provide a specially crafted\n request (resulting in a need for the server to handle\n an exceptional condition), leading to memory\n corruption and potentially arbitrary code execution,\n with the privileges of the user running the proftpd\n server\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-11-22T00:00:00", "title": "Fedora 14 : proftpd-1.3.3g-1.fc14 (2011-15741)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "modified": "2011-11-22T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:proftpd", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-15741.NASL", "href": "https://www.tenable.com/plugins/nessus/56895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-15741.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56895);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4130\");\n script_xref(name:\"FEDORA\", value:\"2011-15741\");\n\n script_name(english:\"Fedora 14 : proftpd-1.3.3g-1.fc14 (2011-15741)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update, to the current (and final) release for the 1.3.3\nmaintenance branch, includes a pair of security fixes :\n\n - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST\n attacks (upstream bug 3704); to disable this\n countermeasure, which may cause interoperability issues\n with some clients, use the NoEmptyFragments TLSOption\n\n - Response pool use-after-free memory corruption error\n (upstream bug 3711, #752812, ZDI-CAN-1420), in which a\n remote attacker could provide a specially crafted\n request (resulting in a need for the server to handle\n an exceptional condition), leading to memory\n corruption and potentially arbitrary code execution,\n with the privileges of the user running the proftpd\n server\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=752812\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-November/069446.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed7e4859\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected proftpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"proftpd-1.3.3g-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"proftpd\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:01:09", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Use-after-free vulnerability in the Response API in\n ProFTPD before 1.3.3g allows remote authenticated users\n to execute arbitrary code via vectors involving an error\n that occurs after an FTP data transfer. (CVE-2011-4130)", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : proftpd (cve_2011_4130_use_after)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:proftpd", "cpe:/o:oracle:solaris:11.0"], "id": "SOLARIS11_PROFTPD_20120119.NASL", "href": "https://www.tenable.com/plugins/nessus/80742", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80742);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4130\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : proftpd (cve_2011_4130_use_after)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Use-after-free vulnerability in the Response API in\n ProFTPD before 1.3.3g allows remote authenticated users\n to execute arbitrary code via vectors involving an error\n that occurs after an FTP data transfer. (CVE-2011-4130)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2011-4130-use-after-free-vulnerability-in-proftpd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 03.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:proftpd\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^proftpd$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"proftpd\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.3.0.4.0\", sru:\"SRU 3\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : proftpd\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"proftpd\");\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T09:10:37", "description": "New proftpd packages are available for Slackware 11.0, 12.0, 12.1,\n12.2, 13.0, 13.1, 13.37, and -current to fix security issues.", "edition": 24, "published": "2012-02-13T00:00:00", "title": "Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : proftpd (SSA:2012-041-04)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "modified": "2012-02-13T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "p-cpe:/a:slackware:slackware_linux:proftpd", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2012-041-04.NASL", "href": "https://www.tenable.com/plugins/nessus/57895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2012-041-04. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57895);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4130\");\n script_bugtraq_id(50631);\n script_xref(name:\"SSA\", value:\"2012-041-04\");\n\n script_name(english:\"Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : proftpd (SSA:2012-041-04)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New proftpd packages are available for Slackware 11.0, 12.0, 12.1,\n12.2, 13.0, 13.1, 13.37, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.509924\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5dfaa079\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected proftpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"11.0\", pkgname:\"proftpd\", pkgver:\"1.3.4a\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"proftpd\", pkgver:\"1.3.4a\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"proftpd\", pkgver:\"1.3.4a\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"proftpd\", pkgver:\"1.3.4a\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"proftpd\", pkgver:\"1.3.4a\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"proftpd\", pkgver:\"1.3.4a\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"proftpd\", pkgver:\"1.3.4a\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"proftpd\", pkgver:\"1.3.4a\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"proftpd\", pkgver:\"1.3.4a\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"proftpd\", pkgver:\"1.3.4a\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"proftpd\", pkgver:\"1.3.4a\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"proftpd\", pkgver:\"1.3.4a\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:07:49", "description": "Vulnerabilities were discovered for the proftpd packages in openSUSE\nversion 12.1.", "edition": 23, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : proftpd (openSUSE-2011-19)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:proftpd-devel", "p-cpe:/a:novell:opensuse:proftpd-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:proftpd-radius", "p-cpe:/a:novell:opensuse:proftpd-pgsql", "p-cpe:/a:novell:opensuse:proftpd-ldap-debuginfo", "p-cpe:/a:novell:opensuse:proftpd-pgsql-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:proftpd-sqlite", "p-cpe:/a:novell:opensuse:proftpd-debugsource", "p-cpe:/a:novell:opensuse:proftpd-mysql", "p-cpe:/a:novell:opensuse:proftpd-debuginfo", "p-cpe:/a:novell:opensuse:proftpd-mysql-debuginfo", "p-cpe:/a:novell:opensuse:proftpd", "p-cpe:/a:novell:opensuse:proftpd-ldap", "p-cpe:/a:novell:opensuse:proftpd-radius-debuginfo"], "id": "OPENSUSE-2011-19.NASL", "href": "https://www.tenable.com/plugins/nessus/74521", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2011-19.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74521);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4130\");\n\n script_name(english:\"openSUSE Security Update : proftpd (openSUSE-2011-19)\");\n script_summary(english:\"Check for the openSUSE-2011-19 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerabilities were discovered for the proftpd packages in openSUSE\nversion 12.1.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=729830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=731347\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected proftpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-radius-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"proftpd-1.3.3g-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"proftpd-debuginfo-1.3.3g-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"proftpd-debugsource-1.3.3g-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"proftpd-devel-1.3.3g-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"proftpd-ldap-1.3.3g-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"proftpd-ldap-debuginfo-1.3.3g-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"proftpd-mysql-1.3.3g-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"proftpd-mysql-debuginfo-1.3.3g-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"proftpd-pgsql-1.3.3g-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"proftpd-pgsql-debuginfo-1.3.3g-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"proftpd-radius-1.3.3g-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"proftpd-radius-debuginfo-1.3.3g-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"proftpd-sqlite-1.3.3g-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"proftpd-sqlite-debuginfo-1.3.3g-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"proftpd / proftpd-debuginfo / proftpd-debugsource / proftpd-devel / etc\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:09:19", "description": "This update, to the current upstream stable release, includes a pair\nof security fixes :\n\n - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST\n attacks (upstream bug 3704); to disable this\n countermeasure, which may cause interoperability issues\n with some clients, use the NoEmptyFragments TLSOption\n\n - Response pool use-after-free memory corruption error\n (upstream bug 3711, #752812, ZDI-CAN-1420,\n CVE-2011-4130), in which a remote attacker could\n provide a specially crafted request (resulting in a\n need for the server to handle an exceptional\n condition), leading to memory corruption and\n potentially arbitrary code execution, with the\n privileges of the user running the proftpd server\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-11-22T00:00:00", "title": "Fedora 16 : proftpd-1.3.4-1.fc16 (2011-15765)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "modified": "2011-11-22T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:proftpd", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-15765.NASL", "href": "https://www.tenable.com/plugins/nessus/56896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-15765.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56896);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4130\");\n script_xref(name:\"FEDORA\", value:\"2011-15765\");\n\n script_name(english:\"Fedora 16 : proftpd-1.3.4-1.fc16 (2011-15765)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update, to the current upstream stable release, includes a pair\nof security fixes :\n\n - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST\n attacks (upstream bug 3704); to disable this\n countermeasure, which may cause interoperability issues\n with some clients, use the NoEmptyFragments TLSOption\n\n - Response pool use-after-free memory corruption error\n (upstream bug 3711, #752812, ZDI-CAN-1420,\n CVE-2011-4130), in which a remote attacker could\n provide a specially crafted request (resulting in a\n need for the server to handle an exceptional\n condition), leading to memory corruption and\n potentially arbitrary code execution, with the\n privileges of the user running the proftpd server\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=752812\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-November/069449.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf3bb0d9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected proftpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"proftpd-1.3.4-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"proftpd\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:09:19", "description": "This update, to the current upstream stable release, includes a pair\nof security fixes :\n\n - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST\n attacks (upstream bug 3704); to disable this\n countermeasure, which may cause interoperability issues\n with some clients, use the NoEmptyFragments TLSOption\n\n - Response pool use-after-free memory corruption error\n (upstream bug 3711, #752812, ZDI-CAN-1420,\n CVE-2011-4130), in which a remote attacker could\n provide a specially crafted request (resulting in a\n need for the server to handle an exceptional\n condition), leading to memory corruption and\n potentially arbitrary code execution, with the\n privileges of the user running the proftpd server\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-11-22T00:00:00", "title": "Fedora 15 : proftpd-1.3.4-1.fc15 (2011-15740)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "modified": "2011-11-22T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:proftpd", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-15740.NASL", "href": "https://www.tenable.com/plugins/nessus/56894", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-15740.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56894);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4130\");\n script_xref(name:\"FEDORA\", value:\"2011-15740\");\n\n script_name(english:\"Fedora 15 : proftpd-1.3.4-1.fc15 (2011-15740)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update, to the current upstream stable release, includes a pair\nof security fixes :\n\n - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST\n attacks (upstream bug 3704); to disable this\n countermeasure, which may cause interoperability issues\n with some clients, use the NoEmptyFragments TLSOption\n\n - Response pool use-after-free memory corruption error\n (upstream bug 3711, #752812, ZDI-CAN-1420,\n CVE-2011-4130), in which a remote attacker could\n provide a specially crafted request (resulting in a\n need for the server to handle an exceptional\n condition), leading to memory corruption and\n potentially arbitrary code execution, with the\n privileges of the user running the proftpd server\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=752812\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-November/069487.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22bde4a5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected proftpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"proftpd-1.3.4-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"proftpd\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T17:37:25", "description": "The remote host is using ProFTPD, a free FTP server for Unix and\nLinux.\n\nAccording to its banner, the version of ProFTPD installed on the\nremote host is earlier than 1.3.3g or 1.3.4. As such, it is\npotentially affected by a code execution vulnerability due to how the\nserver manages the response pool that is used to send responses from\nthe server to the client. A remote, authenticated attacker could \nleverage this issue to execute arbitrary code on the remote host,\nsubject to the privileges of the user running the affected\napplication.\n\nNote that Nessus did not actually test for the flaw but instead has\nrelied on the version in ProFTPD's banner.", "edition": 18, "published": "2011-11-28T00:00:00", "title": "ProFTPD < 1.3.3g / 1.3.4 Response Pool Use-After-Free Code Execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4130"], "modified": "2011-11-28T00:00:00", "cpe": ["cpe:/a:proftpd:proftpd"], "id": "PROFTPD_1_3_3G.NASL", "href": "https://www.tenable.com/plugins/nessus/56956", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56956);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/27\");\n\n script_cve_id(\"CVE-2011-4130\");\n script_bugtraq_id(50631);\n\n script_name(english:\"ProFTPD < 1.3.3g / 1.3.4 Response Pool Use-After-Free Code Execution\");\n script_summary(english:\"Checks version in the service banner\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote FTP server is affected by a code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is using ProFTPD, a free FTP server for Unix and\nLinux.\n\nAccording to its banner, the version of ProFTPD installed on the\nremote host is earlier than 1.3.3g or 1.3.4. As such, it is\npotentially affected by a code execution vulnerability due to how the\nserver manages the response pool that is used to send responses from\nthe server to the client. A remote, authenticated attacker could \nleverage this issue to execute arbitrary code on the remote host,\nsubject to the privileges of the user running the affected\napplication.\n\nNote that Nessus did not actually test for the flaw but instead has\nrelied on the version in ProFTPD's banner.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-328/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2011/Nov/174\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.proftpd.org/show_bug.cgi?id=3711\");\n # https://web.archive.org/web/20150914195742/http://www.proftpd.org/docs/NEWS-1.3.3g\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c4b46de4\");\n # https://web.archive.org/web/20150621164000/http://www.proftpd.org/docs/NEWS-1.3.4\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3c33326d\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to ProFTPD version 1.3.3g / 1.3.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-4130\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/28\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:proftpd:proftpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FTP\");\n script_copyright(english:\"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ftpserver_detect_type_nd_version.nasl\");\n script_require_keys(\"ftp/proftpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/ftp\", 21);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ftp_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_ftp_port(default: 21, broken:TRUE);\n\nbanner = get_ftp_banner(port:port);\nif (!banner) exit(1, \"Unable to obtain FTP banner on port \"+port+\".\");\nif (\"ProFTPD\" >!< banner) exit(1, \"The FTP service on port \"+port+\" does not appear to be ProFTPD.\");\n\nmatches = pregmatch(string:banner, pattern:\"ProFTPD ([0-9a-z.]+) \");\nif (!isnull(matches)) version = matches[1];\nelse exit(1, \"Unable to obtain version number from FTP banner on port \"+port+\".\");\n\nif (version =~ '^1(\\\\.3)?$') exit(1, \"The banner from ProFTPD listening on port \"+port+\" - \"+banner+\" - is not granular enough.\");\n\nif (\n version =~ \"^0\\.\" ||\n version =~ \"^1\\.[0-2]\\.\" ||\n version =~ \"^1\\.3\\.[0-2]($|\\.|[^0-9])\" ||\n version =~ \"^1\\.3\\.3($|[a-f]$|rc[0-9]+$)\" ||\n version =~ \"^1\\.3\\.4($|rc[0-9]+$)\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + chomp(banner) +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.3.3g / 1.3.4\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse exit(0, \"The ProFTPD \"+version+\" install listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:53:07", "description": "A security flaw was discovered in postfix which allows plaintext\ncommand injection with SMTP sessions over TLS (CVE-2011-0411).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.", "edition": 25, "published": "2011-03-17T00:00:00", "title": "Mandriva Linux Security Advisory : postfix (MDVSA-2011:045)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0411"], "modified": "2011-03-17T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:postfix-pcre", "p-cpe:/a:mandriva:linux:postfix-pgsql", "p-cpe:/a:mandriva:linux:postfix", "p-cpe:/a:mandriva:linux:postfix-cdb", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:libpostfix1", "p-cpe:/a:mandriva:linux:postfix-mysql", "p-cpe:/a:mandriva:linux:lib64postfix1", "p-cpe:/a:mandriva:linux:postfix-ldap"], "id": "MANDRIVA_MDVSA-2011-045.NASL", "href": "https://www.tenable.com/plugins/nessus/52699", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:045. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52699);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0411\");\n script_xref(name:\"CERT\", value:\"555316\");\n script_xref(name:\"MDVSA\", value:\"2011:045\");\n\n script_name(english:\"Mandriva Linux Security Advisory : postfix (MDVSA-2011:045)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security flaw was discovered in postfix which allows plaintext\ncommand injection with SMTP sessions over TLS (CVE-2011-0411).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.postfix.org/CVE-2011-0411.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/archive/1/516901/30/0/threaded\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64postfix1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpostfix1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postfix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postfix-cdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postfix-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postfix-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postfix-pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postfix-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64postfix1-2.5.5-4.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpostfix1-2.5.5-4.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postfix-2.5.5-4.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postfix-ldap-2.5.5-4.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postfix-mysql-2.5.5-4.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postfix-pcre-2.5.5-4.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postfix-pgsql-2.5.5-4.2mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64postfix1-2.6.5-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpostfix1-2.6.5-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postfix-2.6.5-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postfix-ldap-2.6.5-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postfix-mysql-2.6.5-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postfix-pcre-2.6.5-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postfix-pgsql-2.6.5-2.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64postfix1-2.7.0-4.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpostfix1-2.7.0-4.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postfix-2.7.0-4.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postfix-cdb-2.7.0-4.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postfix-ldap-2.7.0-4.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postfix-mysql-2.7.0-4.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postfix-pcre-2.7.0-4.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"postfix-pgsql-2.7.0-4.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:15:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4130", "CVE-2011-0411"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2346-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nNovember 15, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : proftpd-dfsg\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-4130\nDebian Bug : 648373\n\nSeveral vulnerabilities were discovered in ProFTPD, an FTP server:\n\n\tProFTPD incorrectly uses data from an unencrypted input buffer\n\tafter encryption has been enabled with STARTTLS, an issue\n\tsimilar to CVE-2011-0411.\n\nCVE-2011-4130\n\tProFTPD uses a response pool after freeing it under\n\texceptional conditions, possibly leading to remote code\n\texecution. (The version in lenny is not affected by this\n\tproblem.)\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.1-17lenny8.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.3.3a-6squeeze4.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1.3.4~rc3-2.\n\nWe recommend that you upgrade your proftpd-dfsg packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2011-11-15T20:39:52", "published": "2011-11-15T20:39:52", "id": "DEBIAN:DSA-2346-1:5B734", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00223.html", "title": "[SECURITY] [DSA 2346-1] proftpd-dfsg security update", "type": "debian", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:45", "bulletinFamily": "software", "cvelist": ["CVE-2011-4130"], "description": "Use after free()", "edition": 1, "modified": "2011-11-21T00:00:00", "published": "2011-11-21T00:00:00", "id": "SECURITYVULNS:VULN:12046", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12046", "title": "ProFTPD memory corruption", "type": "securityvulns", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:39", "bulletinFamily": "software", "cvelist": ["CVE-2011-0411"], "description": "This is a writeup about a flaw that I found recently, and that\r\nexisted in multiple implementations of SMTP (Simple Mail Transfer\r\nProtocol) over TLS (Transport Layer Security) including my Postfix\r\nopen source mailserver. I give an overview of the problem and its\r\nimpact, how to find out if a server is affected, fixes, and draw\r\nlessons about where we can expect similar problems. A time line\r\nis at the end.\r\n\r\nFor further reading:\r\nhttp://www.kb.cert.org/vuls/id/555316 \r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411\r\nhttp://www.postfix.org/CVE-2011-0411.html (extended writeup)\r\n\r\n Wietse\r\n\r\nProblem overview and impact\r\n===========================\r\n\r\nThe TLS protocol encrypts communication and protects it against\r\nmodification by other parties. This protection exists only if a)\r\nsoftware is free of flaws, and b) clients verify the server's TLS\r\ncertificate, so that there can be no "man in the middle" (servers\r\nusually don't verify client certificates).\r\n\r\nThe problem discussed in this writeup is caused by a software flaw.\r\nThe flaw allows an attacker to inject client commands into an SMTP\r\nsession during the unprotected plaintext SMTP protocol phase (more\r\non that below), such that the server will execute those commands\r\nduring the SMTP-over-TLS protocol phase when all communication is\r\nsupposed to be protected.\r\n\r\nThe injected commands could be used to steal the victim's email or\r\nSASL (Simple Authentication and Security Layer) username and password.\r\n\r\nThis is not as big a problem as it may appear to be. The reason\r\nis that many SMTP client applications don't verify server TLS\r\ncertificates. These SMTP clients are always vulnerable to command\r\ninjection and other attacks. Their TLS sessions are only encrypted\r\nbut not protected.\r\n\r\nA similar plaintext injection flaw may exist in the way SMTP clients\r\nhandle SMTP-over-TLS server responses, but its impact is less\r\ninteresting than the server-side flaw.\r\n\r\nSMTP is not the only protocol with a mid-session switch from plaintext\r\nto TLS. Other examples are POP3, IMAP, NNTP and FTP. Implementations\r\nof these protocols may be affected by the same flaw as discussed here.\r\n\r\nDemonstration\r\n=============\r\n\r\nThe problem is easy to demonstrate with a one-line change to the\r\nOpenSSL s_client command source code (I would prefer scripting, but\r\nhaving to install Perl CPAN modules and all their dependencies is\r\nmore work than downloading a .tar.gz file from openssl.org, adding\r\neight characters to one line, and doing "./config; make").\r\n\r\nThe OpenSSL s_client command can make a connection to servers that\r\nsupport straight TLS, SMTP over TLS, or a handful other protocols\r\nover TLS. The demonstration with SMTP over TLS involves a one-line\r\nchange in the OpenSSL s_client source code (with OpenSSL 1.0.0, at\r\nline 1129 of file apps/s_client.c).\r\n\r\nOld: BIO_printf(sbio,"STARTTLS\r\n");\r\nNew: BIO_printf(sbio,"STARTTLS\r\nRSET\r\n");\r\n\r\nWith this change, the s_client command sends the plaintext STARTTLS\r\ncommand ("let's turn on TLS") immediately followed by an RSET command\r\n(a relatively harmless protocol "reset"). Both commands are sent\r\nas plaintext in the same TCP/IP packet, and arrive together at the\r\nserver. The "\r\n" are the carriage-return and newline characters;\r\nthese are necessary to terminate an SMTP command.\r\n\r\nWhen an SMTP server has the plaintext injection flaw, it reads the\r\nSTARTTLS command first, switches to SMTP-over-TLS mode, and only\r\nthen the server reads the RSET command. Note, the RSET command was\r\ntransmitted during the plaintext SMTP phase when there is no\r\nprotection, but the server reads the command as if it was received\r\nover the TLS-protected channel.\r\n\r\nThus, when the SMTP server has the flaw, the s_client command output\r\nwill show two "250" SMTP server responses instead of one. The first\r\n"250" response is normal, and is present even when the server is\r\nnot flawed. The second "250" response is for the RSET command, and\r\nindicates that the SMTP server has the plaintext injection flaw.\r\n\r\n $ apps/openssl s_client -quiet -starttls smtp -connect server:port\r\n [some server TLS certificate details omitted]\r\n 250 some text here <=== Normal response, also with "good" server.\r\n 250 more text here <=== RSET response, only with flawed server.\r\n\r\nAnatomy of the flaw: it's all about the plumbing\r\n================================================\r\n\r\nWhether a program may have the plaintext injection flaw depends on\r\nhow it adjusts the plumbing, as it inserts the TLS protocol layer\r\nin-between the SMTP protocol layer and the O/S TCP/IP protocol\r\nlayer. I illustrate this with examples from three open source MTAs:\r\nPostfix, Sendmail and Exim. The diagram below is best viewed with\r\na fixed-width font, for example, from the Courier family.\r\n\r\n Postfix MTA Sendmail MTA Exim MTA\r\n before/after before/after before/after\r\n switch to TLS switch to TLS switch to TLS\r\n\r\n SMTP SMTP SMTP SMTP SMTP SMTP <= SMTP layer\r\n || || || || || ||\r\n stream stream stream stream' || ||\r\n buffers buffers buffers buffers' rw r'w' <= stream layer\r\n rw r'w' rw r'w' || ||\r\n || || || || || ||\r\n || TLS || TLS || TLS <= TLS layer\r\n || || || || || ||\r\n O/S O/S O/S O/S O/S O/S <= TCP/IP layer\r\n\r\nAs shown in the diagram, both Postfix and Sendmail use an application-\r\nlevel stream abstraction, where each stream has properties such as\r\nread/write buffers, read/write functions (indicated with rw), and\r\nother properties that are omitted for brevity.\r\n\r\nWhen Postfix switches to SMTP over TLS, it replaces the plaintext\r\nread/write functions (rw) with the TLS read/write functions (r'w').\r\nPostfix does not modify any of the other stream properties including\r\nthe read/write buffers. A patch for qmail that introduces TLS\r\nsupport uses the same approach. This approach of replacing only\r\nthe stream read/write functions, but not the buffers or other stream\r\nproperties, can introduce the plaintext injection flaw.\r\n\r\nWhen Sendmail switches to SMTP over TLS, it replaces the entire\r\nstream, along with its read/write buffers and read/write functions.\r\nExim, on the other hand, does not seem to have a stream abstraction\r\nlike Postfix, Sendmail or qmail. Instead of replacing streams or\r\nstream properties, Exim replaces plaintext read/write functions\r\nwith TLS read/write functions. Because of their program structure,\r\nSendmail and Exim didn't suffer from the plaintext injection flaw.\r\n\r\nFixing the problem\r\n==================\r\n\r\nThere are two solutions to address the flaw, and both solutions can\r\nbe used together.\r\n\r\n- Report an error when unexpected plaintext is received after the\r\n STARTTLS command. As documented in RFC 3207, STARTTLS must be\r\n the last command in a pipelined group. If plaintext commands are\r\n received after STARTTLS, then that is a protocol violation. \r\n\r\n This measure can also be implemented outside the MTA, for example\r\n in a protocol-aware firewall.\r\n\r\n- If a program uses the same input buffer before and after the\r\n switch to TLS, it should discard the contents of the input buffer,\r\n just like it discards SMTP protocol information that it received\r\n during the plaintext protocol phase.\r\n\r\nConclusion\r\n==========\r\n\r\nThis plaintext injection problem is likely to recur when some\r\ndevelopment moves the plaintext-to-ciphertext switch outside the\r\napplication: for example, into the kernel, into the local hardware,\r\ninto a proxy, or into other infrastructure. This encourages\r\napplications to use the same application-level streams and buffers\r\nand read/write functions before and after the switch to ciphertext.\r\nWhen this migration happens, plaintext injection becomes once more\r\na possibility.\r\n\r\nTime line\r\n=========\r\n\r\nJan 5 2011: While finishing Postfix for its annual release, I found\r\nand fixed this flaw in the SMTP server and client implementations,\r\nwhere it had been sitting ever since TLS support was adopted.\r\n\r\nJan 6-10 2011: As we investigated the scope of the problem, Victor\r\nDuchovni (co-developer) discovered that other implementations were\r\nalso affected including security providers and security appliances.\r\n\r\nJan 11 2011: Contact CERT/CC to help coordinate with the problem's\r\nresolution.\r\n\r\nMar 7 2011: Public announcement, and Postfix legacy release updates.", "edition": 1, "modified": "2011-03-10T00:00:00", "published": "2011-03-10T00:00:00", "id": "SECURITYVULNS:DOC:25899", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25899", "title": "Plaintext injection in STARTTLS (multiple implementations)", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:13", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4130"], "description": "New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\n13.1, 13.37, and -current to fix security issues.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/proftpd-1.3.4a-i486-1_slack13.37.txz: Upgraded.\n This update fixes a use-after-free() memory corruption error,\n and possibly other unspecified issues.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/proftpd-1.3.4a-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/proftpd-1.3.4a-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/proftpd-1.3.4a-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/proftpd-1.3.4a-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/proftpd-1.3.4a-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/proftpd-1.3.4a-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/proftpd-1.3.4a-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/proftpd-1.3.4a-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/proftpd-1.3.4a-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/proftpd-1.3.4a-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/proftpd-1.3.4a-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/proftpd-1.3.4a-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 11.0 package:\n07257d37b1708251a2a3871dd87c6be6 proftpd-1.3.4a-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\n6a1773e304fb56f433f6651d15a83080 proftpd-1.3.4a-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\nf439c8d0c8dcad1947cdfc27774ae757 proftpd-1.3.4a-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n5007c64cfb653341a20aac54844962ad proftpd-1.3.4a-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\nb4c65dc4b953d54dfcbc963cfefde842 proftpd-1.3.4a-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nbdf2bd5539abeb25da7c9000d570b946 proftpd-1.3.4a-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\nc6f98a0fa8f1cbdc47268aade1b62b29 proftpd-1.3.4a-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\na40c013d52e807e5de691cda8156af03 proftpd-1.3.4a-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n13309d7eba5b374664e7c616e951d382 proftpd-1.3.4a-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n74b653449b982a9e498888f6d8705039 proftpd-1.3.4a-x86_64-1_slack13.37.txz\n\nSlackware -current package:\n3cfb497c816c56a3cd80a850c30fc0bf n/proftpd-1.3.4a-i486-1.txz\n\nSlackware x86_64 -current package:\n90acd5c6075d01b013704b1b8aedfcf3 n/proftpd-1.3.4a-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg proftpd-1.3.4a-i486-1_slack13.37.txz", "modified": "2012-02-10T17:44:44", "published": "2012-02-10T17:44:44", "id": "SSA-2012-041-04", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.509924", "type": "slackware", "title": "[slackware-security] proftpd", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4130"], "description": "ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directo ry visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by xinetd instead are included. ", "modified": "2011-11-19T05:59:54", "published": "2011-11-19T05:59:54", "id": "FEDORA:A8B072132F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: proftpd-1.3.4-1.fc16", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4130"], "description": "ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directo ry visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by xinetd instead are included. ", "modified": "2011-11-19T06:08:44", "published": "2011-11-19T06:08:44", "id": "FEDORA:BDA9F21436", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: proftpd-1.3.4-1.fc15", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0411"], "description": "Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS ", "modified": "2011-03-23T22:59:26", "published": "2011-03-23T22:59:26", "id": "FEDORA:ED2D0110E6F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: postfix-2.7.3-1.fc13", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0411"], "description": "Pure-FTPd is a fast, production-quality, standard-comformant FTP server, based upon Troll-FTPd. Unlike other popular FTP servers, it has no known security flaw, it is really trivial to set up and it is especially designed for modern Linux and FreeBSD kernels (setfsuid, sendfile, capabilities) . Features include PAM support, IPv6, chroot()ed home directories, virtual domains, built-in LS, anti-warez system, bandwidth throttling, FXP, bounded ports for passive downloads, UL/DL ratios, native LDAP and SQL support, Apache log files and more. Rebuild switches: --without ldap disable ldap support --without mysql disable mysql support --without pgsql disable postgresql support --without extauth disable external authentication --without tls disable SSL/TLS ", "modified": "2011-03-31T16:59:13", "published": "2011-03-31T16:59:13", "id": "FEDORA:512DE27FD6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: pure-ftpd-1.0.30-1.fc14", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0411"], "description": "Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS ", "modified": "2011-03-23T22:59:08", "published": "2011-03-23T22:59:08", "id": "FEDORA:D5FD3110BA8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: postfix-2.7.3-1.fc14", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4130", "CVE-2012-6095"], "description": "ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directo ry visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by xinetd instead are included. ", "modified": "2013-01-30T00:31:45", "published": "2013-01-30T00:31:45", "id": "FEDORA:76E8B2161B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: proftpd-1.3.4b-5.fc16", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T17:57:57", "description": "CVE-2011-4130\r\n\r\nProFTPD\u7684\u662f\u4e00\u4e2a\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\r\n\r\n\u5141\u8bb8\u653b\u51fb\u8005\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u5931\u8d25\u7684\u653b\u51fb\u5c1d\u8bd5\u5c06\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\uff0c\r\n\r\n1.3.3g\u524d\u7684ProFTPD\u5b58\u5728\u6b64\u6f0f\u6d1e\n\nRed Hat Fedora 16\r\nRed Hat Fedora 15\r\nRed Hat Fedora 14\r\nProFTPD Project ProFTPD 1.3.3 rc2\r\nProFTPD Project ProFTPD 1.3.3\r\nProFTPD Project ProFTPD 1.3.2 rc3\r\nProFTPD Project ProFTPD 1.3.2 rc2\r\nProFTPD Project ProFTPD 1.3.2\r\nProFTPD Project ProFTPD 1.3.1\r\nProFTPD Project ProFTPD 1.3 rc3\r\nProFTPD Project ProFTPD 1.3 a\r\nProFTPD Project ProFTPD 1.3 .0rc2\r\nProFTPD Project ProFTPD 1.3 .0rc1\r\nProFTPD Project ProFTPD 1.3\r\nProFTPD Project ProFTPD 1.2.10\r\n+ Debian Linux 3.1 sparc\r\n+ Debian Linux 3.1 s/390\r\n+ Debian Linux 3.1 ppc\r\n+ Debian Linux 3.1 mipsel\r\n+ Debian Linux 3.1 mips\r\n+ Debian Linux 3.1 m68k\r\n+ Debian Linux 3.1 ia-64\r\n+ Debian Linux 3.1 ia-32\r\n+ Debian Linux 3.1 hppa\r\n+ Debian Linux 3.1 arm\r\n+ Debian Linux 3.1 amd64\r\n+ Debian Linux 3.1 alpha\r\n+ Debian Linux 3.1\r\nProFTPD Project ProFTPD 1.2.9 rc3\r\nProFTPD Project ProFTPD 1.2.9 rc2\r\nProFTPD Project ProFTPD 1.2.9 rc1\r\nProFTPD Project ProFTPD 1.2.9\r\n+ Mandriva Linux Mandrake 10.0\r\n+ OpenPKG OpenPKG 2.0\r\n+ OpenPKG OpenPKG 1.3\r\n+ OpenPKG OpenPKG Current\r\n+ Slackware Linux 9.1\r\n+ Slackware Linux 9.0\r\n+ Slackware Linux 8.1\r\n+ Slackware Linux -current\r\nProFTPD Project ProFTPD 1.2.8 rc2\r\nProFTPD Project ProFTPD 1.2.8 rc1\r\nProFTPD Project ProFTPD 1.2.8\r\n+ Slackware Linux 9.0\r\n+ Slackware Linux 8.1\r\n+ Slackware Linux -current\r\nProFTPD Project ProFTPD 1.2.7 rc3\r\nProFTPD Project ProFTPD 1.2.7 rc2\r\nProFTPD Project ProFTPD 1.2.7 rc1\r\nProFTPD Project ProFTPD 1.2.7\r\n+ Sun Cobalt Qube 3\r\nProFTPD Project ProFTPD 1.2.6\r\nProFTPD Project ProFTPD 1.2.5 rc1\r\nProFTPD Project ProFTPD 1.2.5\r\nProFTPD Project ProFTPD 1.2.4\r\n+ Debian Linux 3.0 sparc\r\n+ Debian Linux 3.0 s/390\r\n+ Debian Linux 3.0 ppc\r\n+ Debian Linux 3.0 mipsel\r\n+ Debian Linux 3.0 mips\r\n+ Debian Linux 3.0 m68k\r\n+ Debian Linux 3.0 ia-64\r\n+ Debian Linux 3.0 ia-32\r\n+ Debian Linux 3.0 hppa\r\n+ Debian Linux 3.0 arm\r\n+ Debian Linux 3.0 alpha\r\n+ Debian Linux 3.0\r\nProFTPD Project ProFTPD 1.2.3\r\nProFTPD Project ProFTPD 1.2.2 rc3\r\nProFTPD Project ProFTPD 1.2.2 rc1\r\nProFTPD Project ProFTPD 1.2.2\r\nProFTPD Project ProFTPD 1.2.1\r\nProFTPD Project ProFTPD 1.2 pre9\r\nProFTPD Project ProFTPD 1.2 pre8\r\nProFTPD Project ProFTPD 1.2 pre7\r\nProFTPD Project ProFTPD 1.2 pre6\r\nProFTPD Project ProFTPD 1.2 pre5\r\nProFTPD Project ProFTPD 1.2 pre4\r\nProFTPD Project ProFTPD 1.2 pre3\r\nProFTPD Project ProFTPD 1.2 pre2\r\nProFTPD Project ProFTPD 1.2 pre11\r\nProFTPD Project ProFTPD 1.2 pre10\r\nProFTPD Project ProFTPD 1.2 pre1\r\nProFTPD Project ProFTPD 1.2 .0rc3\r\n+ Conectiva Linux 7.0\r\n+ Conectiva Linux 6.0\r\n+ Conectiva Linux 5.1\r\n+ Conectiva Linux 5.0\r\n+ Conectiva Linux graficas\r\n+ Conectiva Linux ecommerce\r\n+ Mandriva Linux Mandrake 8.1 ia64\r\n+ Mandriva Linux Mandrake 8.1\r\n+ Mandriva Linux Mandrake 8.0 ppc\r\n+ Mandriva Linux Mandrake 8.0\r\n+ Mandriva Linux Mandrake 7.2\r\nProFTPD Project ProFTPD 1.2 .0rc2\r\nProFTPD Project ProFTPD 1.2 .0rc1\r\nProFTPD Project ProFTPD 1.2\r\n+ Cobalt Qube 3.0\r\n+ Cobalt Qube 2.0\r\n+ Cobalt RaQ 3.0\r\n+ Cobalt RaQ 2.0\r\n+ Cobalt RaQ 1.1\r\nProFTPD Project ProFTPD 1.3.3c\r\nProFTPD Project ProFTPD 1.3.2c\r\nProFTPD Project ProFTPD 1.3.2b\r\nProFTPD Project ProFTPD 1.3.2a\r\nDebian Linux 6.0 sparc\r\nDebian Linux 6.0 s/390\r\nDebian Linux 6.0 powerpc\r\nDebian Linux 6.0 mips\r\nDebian Linux 6.0 ia-64\r\nDebian Linux 6.0 ia-32\r\nDebian Linux 6.0 arm\r\nDebian Linux 6.0 amd64\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nproftpd\r\n------\r\n\u76ee\u524d\u5382\u5546\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\nhttp://proftpd.org", "published": "2011-12-02T00:00:00", "title": "ProFTPD Prior To 1.3.3g Use-After-Free \u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-4130"], "modified": "2011-12-02T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-24282", "id": "SSV:24282", "sourceData": "", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:57:37", "description": "CVE ID: CVE-2011-4130\r\n\r\nProFTPD\u662f\u514d\u8d39\u7684Unix\u548cLinux FTP\u670d\u52a1\u5668\u3002\r\n\r\nProFTPD\u5728\u7ba1\u7406\u54cd\u5e94\u6c60\u7684\u65b9\u5f0f\u4e0a\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u5df2\u9a8c\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u8fdc\u7a0b\u4e3b\u673a\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nProFTPD < 1.3.3g / 1.3.4\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nProFTPD Project\r\n---------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.proftpd.org/", "published": "2011-12-07T00:00:00", "title": "ProFTPD\u54cd\u5e94\u6c60\u91ca\u653e\u540e\u91cd\u7528\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-4130"], "modified": "2011-12-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-26016", "id": "SSV:26016", "sourceData": "", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "freebsd": [{"lastseen": "2019-05-29T18:34:00", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0411"], "description": "\nWietse Venema has discovered a software flaw that allows\n\t an attacker to inject client commands into an SMTP session\n\t during the unprotected plaintext SMTP protocol phase, such\n\t that the server will execute those commands during the SMTP-\n\t over-TLS protocol phase when all communication is supposed\n\t to be protected.\n", "edition": 4, "modified": "2011-03-07T00:00:00", "published": "2011-03-07T00:00:00", "id": "14A6F516-502F-11E0-B448-BBFA2731F9C7", "href": "https://vuxml.freebsd.org/freebsd/14a6f516-502f-11e0-b448-bbfa2731f9c7.html", "title": "postfix -- plaintext command injection with SMTP over TLS", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:47", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0411"], "description": "[2:2.6.6-2.1]\n- fix CVE-2011-0411 (#682978)", "edition": 4, "modified": "2011-04-06T00:00:00", "published": "2011-04-06T00:00:00", "id": "ELSA-2011-0423", "href": "http://linux.oracle.com/errata/ELSA-2011-0423.html", "title": "postfix security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:21", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0411"], "description": "Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),\nand TLS.\n\nIt was discovered that Postfix did not flush the received SMTP commands\nbuffer after switching to TLS encryption for an SMTP session. A\nman-in-the-middle attacker could use this flaw to inject SMTP commands into\na victim's session during the plain text phase. This would lead to those\ncommands being processed by Postfix after TLS encryption is enabled,\npossibly allowing the attacker to steal the victim's mail or authentication\ncredentials. (CVE-2011-0411)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2011-0411. The\nCERT/CC acknowledges Wietse Venema as the original reporter.\n\nUsers of Postfix are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing this\nupdate, the postfix service will be restarted automatically.\n", "modified": "2018-06-06T20:24:37", "published": "2011-04-06T04:00:00", "id": "RHSA-2011:0423", "href": "https://access.redhat.com/errata/RHSA-2011:0423", "type": "redhat", "title": "(RHSA-2011:0423) Moderate: postfix security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "hackerone": [{"lastseen": "2020-11-04T12:20:12", "bulletinFamily": "bugbounty", "bounty": 1000.0, "cvelist": ["CVE-2011-0411"], "description": "See http://www.postfix.org/CVE-2011-0411.html for adetailled description.\n\n## Impact\n\nMitM could obtain user credentials.", "modified": "2020-11-04T11:31:07", "published": "2020-08-07T11:29:14", "id": "H1:953219", "href": "https://hackerone.com/reports/953219", "type": "hackerone", "title": "PortSwigger Web Security: SMTP interaction theft via MITM", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
