drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in proftpd
Name: |
Mangelnde Rechteprüfung in proftpd |
|
ID: |
TLSA-2009-16 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux 10 Server, Turbolinux Appliance Server 2.0 |
|
Datum: |
Di, 26. Mai 2009, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0432 |
|
Applikationen: |
ProFTPD |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2009-16 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 25 May 2009 Last revised: 25 May 2009
Package: proftpd
Summary: CIDR based ACL vulnerability
More information: ProFTPD grew out of the desire to have a secure and configurable FTP server, and out of a significant admiration of the Apache web server.
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions. (CVE-2004-0432)
Affected Products: - Turbolinux Appliance Server 2.0 - Turbolinux 10 Server
<Turbolinux Appliance Server 2.0>
Source Packages Size: MD5
proftpd-1.2.9-14.src.rpm 838130 7577322c7b7e3e2b87aabbb992cdafea
Binary Packages Size: MD5
proftpd-1.2.9-14.i586.rpm 497768 0037cd3db3a81f0c5dcc7ddbcf061274
<Turbolinux 10 Server>
Source Packages Size: MD5
proftpd-1.2.9-14.src.rpm 838130 7577322c7b7e3e2b87aabbb992cdafea
Binary Packages Size: MD5
proftpd-1.2.9-14.i586.rpm 497768 0037cd3db3a81f0c5dcc7ddbcf061274
References:
CVE [CVE-2004-0432] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0432
-------------------------------------------------------------------------- Revision History 25 May 2009 Initial release --------------------------------------------------------------------------
Copyright(C) 2009 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux)
iEYEARECAAYFAkoacdsACgkQK0LzjOqIJMw0jACfTRhND2C1SyXXzLlspuD+wRBm 3fEAoJVaGLAPXxu5E1VfpGpeMK5URR15 =geZc -----END PGP SIGNATURE-----
|
|
|
|