Executive Summary
Summary | |
---|---|
Title | proftpd-dfsg security update |
Information | | | |
---|---|---|---|
Name | DSA-3263 | First vendor Publication | 2015-05-19 |
Vendor | Debian | Last vendor Modification | 2015-05-19 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
CVSS vector: N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability SubScore | NA | | |
Security-Database Scoring CVSS v2
CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) | | | |
---|---|---|---|
CVSS Base Score | 10 | Attack Range | Network |
CVSS Impact Score | 10 | Attack Complexity | Low |
CVSS Exploit Score | 10 | Authentication | None Required |
Detail
Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.3.4a-5+deb7u3.

For the stable distribution (jessie), this problem has been fixed in version 1.3.5-1.1+deb8u1.

For the testing distribution (stretch) and unstable distribution (sid), this problem has been fixed in version 1.3.5-2.

We recommend that you upgrade your proftpd-dfsg packages.
Original Source
Url : http://www.debian.org/security/2015/dsa-3263 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-284 | Access Control (Authorization) Issues |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
SAINT Exploits
Description | Link |
---|---|
ProFTPD mod_copy command execution | More info here |
Snort® IPS/IDS
Date | Description |
---|---|
2015-06-17 | ProFTPD mod_copy unauthenticated file copy attempt RuleID : 34447 - Revision : 4 - Type : POLICY-OTHER |
2015-05-28 | ProFTPD mod_copy remote code execution attempt RuleID : 34225 - Revision : 5 - Type : PROTOCOL-FTP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-06-16 | Name : The remote host is running a ProFTPD module that is affected by an informatio... File : proftpd_1_3_5_info_disc.nasl - Type : ACT_ATTACK |
2015-06-12 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-410.nasl - Type : ACT_GATHER_INFO |
2015-05-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_d0034536ff2411e4a072d050996490d0.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3263.nasl - Type : ACT_GATHER_INFO |
2015-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2015-7086.nasl - Type : ACT_GATHER_INFO |
2015-05-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-6401.nasl - Type : ACT_GATHER_INFO |
2015-05-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-7164.nasl - Type : ACT_GATHER_INFO |
2015-04-22 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2015-111-12.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2015-05-21 13:32:24 | |
2015-05-20 00:24:38 | |