
Security: Missing permission check in ProFTPD
Name: Missing permission check in ProFTPD
ID: MDVSA-2013:053
Distribution: Mandriva
Platforms: Mandriva Enterprise Server 5.0, Mandriva Business Server 1.0
Date: Sat, April 6, 2013, 11:17
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6095
Applications: ProFTPD

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:053
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : proftpd
Date : April 5, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in proftpd:

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows
local users to modify the ownership of arbitrary files via a race
condition and a symlink attack on the (1) MKD or (2) XMKD commands
(CVE-2012-6095).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6095
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRXta/mqjQ0CJFipgRAjkMAJ9Jfo6qxIQacm1aJqZueaeMIRjA3gCgqibo
q2xaoMFyZ182AziVedoKKRw=
=70PS
-----END PGP SIGNATURE-----
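
The race described under "Problem Description" belongs to the create-then-chown-by-path class of bugs. The C code below is an added illustration, not ProFTPD source and not the Mandriva patch; it sets that racy pattern beside a descriptor-based variant that refuses symlinks. All function names and the /tmp scratch directory are assumptions made for the example.

```c
/* Added illustration of the bug class; not ProFTPD code. Names are made up. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: the path is resolved twice. If it is swapped for a symlink between
 * the two calls, chown() follows the link and re-owns the link's target. */
int mkdir_chown_racy(const char *path, uid_t uid, gid_t gid)
{
    if (mkdir(path, 0755) != 0) return -1;
    return chown(path, uid, gid);              /* follows symlinks */
}

/* Give parent_fd/name to uid:gid only if it is a real directory owned by
 * this process; act on the open descriptor, never on the name again. */
int set_owner_nofollow(int parent_fd, const char *name, uid_t uid, gid_t gid)
{
    struct stat st;
    int fd = openat(parent_fd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0) return -1;                     /* symlink or not a directory */
    int ok = fstat(fd, &st) == 0 && st.st_uid == geteuid() &&
             fchown(fd, uid, gid) == 0;
    close(fd);
    return ok ? 0 : -1;
}

/* Hardened replacement for mkdir_chown_racy(). */
int mkdir_owned(int parent_fd, const char *name, uid_t uid, gid_t gid)
{
    if (mkdirat(parent_fd, name, 0700) != 0) return -1;
    return set_owner_nofollow(parent_fd, name, uid, gid);
}

/* Constructed scenario: returns 0 if a new directory is accepted and a symlink is refused. */
int demo(void)
{
    char tmpl[] = "/tmp/mkd-demo-XXXXXX";
    int dfd = mkdtemp(tmpl) ? open(tmpl, O_RDONLY | O_DIRECTORY) : -1;
    if (dfd < 0) return -1;
    int ok = mkdir_owned(dfd, "newdir", geteuid(), getegid()) == 0
          && symlinkat("newdir", dfd, "swapped") == 0
          && set_owner_nofollow(dfd, "swapped", geteuid(), getegid()) == -1;
    unlinkat(dfd, "swapped", 0); unlinkat(dfd, "newdir", AT_REMOVEDIR);
    close(dfd); rmdir(tmpl);
    return ok ? 0 : 1;
}
```

The ownership check on the descriptor also covers the case where the name is replaced by another user's directory rather than by a symlink.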

