oval:org.mitre.oval:def:7948

Definition Id: oval:org.mitre.oval:def:7948

Oval ID:	oval:org.mitre.oval:def:7948
Title:	DSA-1689 proftpd-dfsg -- missing input validation
Description:	Maksymilian Arciemowicz of securityreason.com reported that ProFTPD is vulnerable to cross-site request forgery (CSRF) attacks and executes arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
Family:	unix	Class:	patch
Reference(s):	DSA-1689 CVE-2008-4242	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	proftpd-dfsg
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section proftpd-pgsql is earlier than 1.3.0-19etch2 AND proftpd-doc is earlier than 1.3.0-19etch2 AND proftpd-mysql is earlier than 1.3.0-19etch2 AND proftpd-ldap is earlier than 1.3.0-19etch2 AND proftpd is earlier than 1.3.0-19etch2

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:7948