oval:org.secpod.oval:def:602097
Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code.

oval:org.secpod.oval:def:601116
Kingcope discovered that the mod_sftp and mod_sftp_pam modules of proftpd, a powerful modular FTP/SFTP/FTPS server, do not properly validate input before making pool allocations. An attacker can use this flaw to conduct denial of service attacks against the system running proftpd.

oval:org.secpod.oval:def:600689
Several vulnerabilities were discovered in ProFTPD, an FTP server: ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS, an issue similar to CVE-2011-0411. CVE-2011-4130 ProFTPD uses a response pool after freeing it under exceptional conditio ...

oval:org.secpod.oval:def:601342
proftpd-basic is installed

oval:org.secpod.oval:def:600208
It was discovered that an integer overflow in the SFTP file transfer module of the ProFTPD daemon could lead to denial of service. The oldstable distribution is not affected.

oval:org.secpod.oval:def:600947
It has been discovered that in ProFTPd, an FTP server, an attacker on the same physical host as the server may be able to perform a symlink attack that allows privilege elevation in some configurations.

oval:org.secpod.oval:def:57677
The host is installed with proftpd through 1.3.6 and is prone to an arbitrary file copy vulnerability. A flaw is present in the application, which fails to handle an issue in the mod_copy module. Successful exploitation may lead to remote code execution and information disclosure without authentication.

oval:org.secpod.oval:def:69959
Antonio Morales discovered a use-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:69777
Stephan Zeisberg discovered that missing input validation in ProFTPD, an FTP/SFTP/FTPS server, could result in denial of service via an infinite loop.

oval:org.secpod.oval:def:69897
Tobias Maedel discovered that the mod_copy module of ProFTPD, an FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands.

*CPE
cpe:/a:proftpd:proftpd-basic

© SecPod Technologies