The remote host is missing an update to proftpd
announced via advisory DSA 1222-2.
Due to technical problems yesterday's proftpd update lacked a build for the amd64 architecture, which is now available.
Several remote vulnerabilities have been discovered in the proftpd FTP daemon, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:
It was discovered that a buffer overflow in the sreplace() function may lead to denial of service and possibly the execution of arbitrary code.
It was discovered that a buffer overflow in the mod_tls addon module may lead to the execution of arbitrary code.
It was discovered that insufficient validation of FTP command buffer size limits may lead to denial of service. Due to unclear information this issue was already fixed in DSA-1218 as CVE-2006-5815.
For the stable distribution (sarge) these problem has been fixed in version 1.2.10-15sarge3.
For the unstable distribution (sid) this problem has been fixed in version 1.3.0-16 of the proftpd-dfsg package.
We recommend that you upgrade your proftpd package.
CVE CVE-2006-5815, CVE-2006-6170, CVE-2006-6171 -
CVSS Base Score: 10.0
Related Vulnerabilities