Executive Summary
Information | | | |
---|---|---|---|
Name | MDVSA-2011:181 | First vendor Publication | 2011-12-07 |
Vendor | Mandriva | Last vendor Modification | 2011-12-07 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | | | |
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 8 | Authentication | Requires single instance |
Detail
A vulnerability was discovered and fixed in proftpd: Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer (CVE-2011-4130).

The updated packages have been upgraded to the latest version 1.3.3g which is not vulnerable to this issue.
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:181
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-09-10 | Name : Slackware Advisory SSA:2012-041-04 proftpd File : nvt/esoft_slk_ssa_2012_041_04.nasl |
2012-04-02 | Name : Fedora Update for proftpd FEDORA-2011-15765 File : nvt/gb_fedora_2011_15765_proftpd_fc16.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2346-1 (proftpd-dfsg) File : nvt/deb_2346_1.nasl |
2011-12-09 | Name : Mandriva Update for proftpd MDVSA-2011:181 (proftpd) File : nvt/gb_mandriva_MDVSA_2011_181.nasl |
2011-11-21 | Name : Fedora Update for proftpd FEDORA-2011-15740 File : nvt/gb_fedora_2011_15740_proftpd_fc15.nasl |
2011-11-21 | Name : Fedora Update for proftpd FEDORA-2011-15741 File : nvt/gb_fedora_2011_15741_proftpd_fc14.nasl |
2011-11-15 | Name : ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability File : nvt/gb_proftpd_50631.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
77004 | ProFTPD Use-After-Free Response Pool Allocation List Parsing Remote Memory Co... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_proftpd_20120119.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-19.nasl - Type : ACT_GATHER_INFO |
2013-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-15.nasl - Type : ACT_GATHER_INFO |
2012-02-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-041-04.nasl - Type : ACT_GATHER_INFO |
2011-12-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-181.nasl - Type : ACT_GATHER_INFO |
2011-11-28 | Name : The remote FTP server is affected by a code execution vulnerability. File : proftpd_1_3_3g.nasl - Type : ACT_GATHER_INFO |
2011-11-22 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15740.nasl - Type : ACT_GATHER_INFO |
2011-11-22 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15741.nasl - Type : ACT_GATHER_INFO |
2011-11-22 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15765.nasl - Type : ACT_GATHER_INFO |
2011-11-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2346.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:42:36 |