FreeBSD : proftpd -- format string vulnerabilities (c28f4705-043f-11da-bc08-0001020eed82)

NASLDB: FreeBSD : proftpd -- format string vulnerabilities (c28f4705-043f-11da-bc08-0001020eed82)

General

ID: 21507
Name: FreeBSD : proftpd — format string vulnerabilities (c28f4705-043f-11da-bc08-0001020eed82)

Summary: Checks for updated packages in pkg_info output

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS Temporal Vector: –

Port: 0
Family: FreeBSD Local Security Checks
Type: Local

Description

The ProFTPD release notes states :

sean <infamous42md at hotpop.com> found two format string
vulnerabilities, one in mod_sql’s SQLShowInfo directive, and one
involving the ‘ftpshut’ utility. Both can be considered low risk, as
they require active involvement on the part of the site administrator
in order to be exploited.

These vulnerabilities could potentially lead to information
disclosure, a denial-of-server situation, or execution of arbitrary
code with the permissions of the user running ProFTPD.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2005-2390
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2005/07/26
Patch Release: 2005/08/03
Plugin Release: 2006/05/13

Plugin

Version: 1.9
Filename: freebsd_pkg_c28f4705043f11dabc080001020eed82.nasl
Filesize: 4753 bytes
MD5 Hash: bc2c68685e7176af9b8b44ebccaaf6cc

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info
Dependencies: "ssh_get_info.nasl"

Latest Plugins

Latest Plugins

scip AG