GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Sep 25, 2013 1:26 am Post subject: [ GLSA 201309-15 ] ProFTPD: Multiple vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: ProFTPD: Multiple vulnerabilities (GLSA 201309-15)
Severity: high
Exploitable: local, remote
Date: September 24, 2013
Bug(s): #305343, #343389, #348998, #354080, #361963, #390075, #450746, #484614
ID: 201309-15
Synopsis
Multiple vulnerabilities have been found in ProFTPD, the worst of
which leading to remote execution of arbitrary code.
Background
ProFTPD is an advanced and very configurable FTP server.
Affected Packages
Package: net-ftp/proftpd
Vulnerable: < 1.3.4d
Unaffected: >= 1.3.4d
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in ProFTPD. Please review
the CVE identifiers referenced below for details.
Impact
A context-dependent attacker could possibly execute arbitrary code with
the privileges of the process, perform man-in-the-middle attacks to spoof
arbitrary SSL servers, cause a Denial of Service condition, or read and
modify arbitrary files.
Workaround
There is no known workaround at this time.
Resolution
All ProFTPD users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.4d"
|
References
CVE-2009-3555
CVE-2010-3867
CVE-2010-4221
CVE-2010-4652
CVE-2011-1137
CVE-2011-4130
CVE-2012-6095
CVE-2013-4359
Last edited by GLSA on Tue Jun 24, 2014 4:31 am; edited 2 times in total |
|