Debian Security Advisory DSA 1689-1 (proftpd-dfsg)

Published: 2008-12-29 21:42:24
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:


Technical Details:
Maksymilian Arciemowicz of reported that ProFTPD is vulnerable to cross-site request forgery (CSRF) attacks and executes arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. For the stable distribution (etch) this problem has been fixed in version 1.3.0-19etch2 and in version 1.3.1-15~bpo40+1 for backports. For the testing (lenny) and unstable (sid) distributions this problem has been fixed in version 1.3.1-15. We recommend that you upgrade your proftpd-dfsg Linux Distribution Package.

The remote host is missing an update to proftpd-dfsg announced via advisory DSA 1689-1.

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

SecurityFocus Bugtraq ID:

CVSS Score

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.