Executive Summary
| Summary | |
|---|---|
| Title | New proftpd packages for m68k available |
| Informations | |||
|---|---|---|---|
| Name | DSA-029 | First vendor Publication | 2001-02-11 |
| Vendor | Debian | Last vendor Modification | 2001-03-06 |
| Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| In Debian Security Advisory DSA 029-1 we have reported several vulnerabilities in proftpd that have been fixed. For details please read the main advisory. This upload fixes: 1. A memory leak which can result in a denial of service, as reported by Wojciech Purczynski. The default configuration of proftpd in Debian is not vulnerable. 2. A similar memory leak affects the USER command, also as reported by Wojciech Purczynski. 3. Format string vulnerabilities reported by Przemyslaw Frasunek. The most recent advisory covering proftpd missed one architecture that was released with Debian GNU/Linux 2.2. Therefore this advisory is only an addition to DSA 029-1 and only adds the relevant package for the Motorola 680x0 architecture. We recommend you upgrade your sudo packages for m68k immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato |
Original Source
| Url : http://www.debian.org/security/2001/dsa-029 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 | |
| Os | 1 | |
| Os | 1 | |
| Os | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 029-1 (proftpd) File : nvt/deb_029_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 7166 | ProFTPD SIZE Command Memory Leak DoS |
| 7165 | ProFTPD USER Command Memory Leak DoS |
| 5705 | ProFTPD Malformed cwd Command Format String |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-09-06 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2001-021.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-029.nasl - Type : ACT_GATHER_INFO |
| 2003-03-17 | Name : It might be possible to run arbitrary code on this server. File : proftpd_1_2_0_rc2.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:25:20 |
|
