Security: Insufficient access check in proftpd
Name: Insufficient access check in proftpd
ID: TLSA-2009-16
Distribution: TurboLinux
Platforms: Turbolinux 10 Server, Turbolinux Appliance Server 2.0
Date: Tue, 26 May 2009, 03:50
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0432
Applications: ProFTPD

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2009-16
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 25 May 2009
Last revised: 25 May 2009

Package: proftpd

Summary: CIDR based ACL vulnerability

More information:
ProFTPD grew out of the desire to have a secure and configurable FTP server,
and out of a significant admiration of the Apache web server.

ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries
as if they were AllowAll, which could allow FTP clients to bypass intended
access restrictions. (CVE-2004-0432)

Affected Products:
- Turbolinux Appliance Server 2.0
- Turbolinux 10 Server


<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

proftpd-1.2.9-14.src.rpm
838130 7577322c7b7e3e2b87aabbb992cdafea

Binary Packages
Size: MD5

proftpd-1.2.9-14.i586.rpm
497768 0037cd3db3a81f0c5dcc7ddbcf061274

<Turbolinux 10 Server>

Source Packages
Size: MD5

proftpd-1.2.9-14.src.rpm
838130 7577322c7b7e3e2b87aabbb992cdafea

Binary Packages
Size: MD5

proftpd-1.2.9-14.i586.rpm
497768 0037cd3db3a81f0c5dcc7ddbcf061274


References:

CVE
[CVE-2004-0432]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0432

--------------------------------------------------------------------------
Revision History
25 May 2009 Initial release
--------------------------------------------------------------------------

Copyright(C) 2009 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEARECAAYFAkoacdsACgkQK0LzjOqIJMw0jACfTRhND2C1SyXXzLlspuD+wRBm
3fEAoJVaGLAPXxu5E1VfpGpeMK5URR15
=geZc
-----END PGP SIGNATURE-----
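
An added example, not part of the Turbolinux advisory or of ProFTPD itself: a Python audit that lists the CIDR entries in `Allow`/`Deny` directives of a ProFTPD configuration, which are the ACL lines the advisory says ProFTPD 1.2.9 treats as AllowAll. The sample configuration and the function name `find_cidr_acls` are constructed for illustration, and only IPv4 CIDR notation is matched.

```python
import re

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
<Limit LOGIN>
  Order allow,deny
  Allow from 10.0.0.0/8, 192.168.1.
  Deny from all
</Limit>
<Directory /srv/ftp/private>
  <Limit ALL>
    # Deny from 172.16.0.0/12  (commented out, must be ignored)
    Deny 203.0.113.0/24
    Allow from .example.com
  </Limit>
</Directory>
"""

# "Allow"/"Deny" followed by whitespace, so AllowAll, DenyAll, AllowUser,
# AllowOverwrite and "Order allow,deny" are not matched. "from" is optional.
ACL_RE = re.compile(r"^\s*(Allow|Deny)\s+(?:from\s+)?(.+?)\s*$", re.IGNORECASE)
# IPv4 network in CIDR notation, e.g. 10.0.0.0/8 (assumption: IPv4 only).
CIDR_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){0,3}/\d{1,2}$")


def find_cidr_acls(conf_text):
    """Return (line_no, directive, cidr_entry) for every CIDR ACL entry."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop comments
        match = ACL_RE.match(line)
        if not match:
            continue
        directive = match.group(1).capitalize()
        # Entries may be separated by commas and/or whitespace.
        for entry in re.split(r"[,\s]+", match.group(2)):
            if CIDR_RE.match(entry):
                findings.append((line_no, directive, entry))
    return findings


if __name__ == "__main__":
    for line_no, directive, entry in find_cidr_acls(SAMPLE_CONF):
        print(f"line {line_no}: {directive} {entry} "
              "(CIDR ACL, not enforced by ProFTPD 1.2.9 per CVE-2004-0432)")
```

Any line this reports is an access rule that cannot be relied on until the fixed proftpd package is installed.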