Mandrake Security Advisory MDVSA-2009:288 (proftpd) Network Vulnerability

Summary

The remote host is missing an update to proftpd announced via advisory MDVSA-2009:288.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:288 http://bugs.proftpd.org/show_bug.cgi?id=3275

Insight

A vulnerability has been identified and corrected in proftpd: The mod_tls module in proftpd < 1.3.2b is vulnerable to a similar security issue as CVE-2009-2408. This update fixes these vulnerability. Affected: 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0

Severity

Classification

CVE CVE-2009-2408
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:074 (libneon0.27)
Mandrake Security Advisory MDVSA-2009:145 (php)
Mandrake Security Advisory MDVSA-2009:206 (wget)
Mandrake Security Advisory MDVSA-2009:047 (vim)
Mandrake Security Advisory MDVSA-2009:002 (bind)

Take action and discover your vulnerabilities