Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 029-1 (proftpd)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to proftpd announced via advisory DSA 029-1.
Insight
Insight
The following problems have been reported for the version of proftpd in Debian 2.2 (potato): 1. There is a memory leak in the SIZE command which can result in a denial of service, as reported by Wojciech Purczynski. This is only a problem if proftpd cannot write to its scoreboard file the default configuration of proftpd in Debian is not vulnerable. 2. A similar memory leak affects the USER command, also as reported by Wojciech Purczynski. The proftpd in Debian 2.2 is susceptible to this vulnerability an attacker can cause the proftpd daemon to crash by exhausting its available memory. 3. There were some format string vulnerabilities reported by Przemyslaw Frasunek. These are not known to have exploits, but have been corrected as a precaution. All three of the above vulnerabilities have been corrected in proftpd-1.2.0pre10-2potato1. We recommend you upgrade your proftpd package immediately.
Solution
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20029-1