Mandrake Security Advisory MDVSA-2009:288 (proftpd) Network Vulnerability

Summary

The remote host is missing an update to proftpd announced via advisory MDVSA-2009:288.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:288 http://bugs.proftpd.org/show_bug.cgi?id=3275

Insight

A vulnerability has been identified and corrected in proftpd: The mod_tls module in proftpd < 1.3.2b is vulnerable to a similar security issue as CVE-2009-2408. This update fixes these vulnerability. Affected: 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0

Severity

Classification

CVE CVE-2009-2408

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:114 (ipsec-tools)
Mandrake Security Advisory MDVSA-2009:136 (tomcat5)
Mandrake Security Advisory MDVSA-2009:204 (wxgtk)
Mandrake Security Advisory MDVSA-2009:130 (gstreamer0.10-plugins-good)
Mandrake Security Advisory MDVSA-2009:043 (gnumeric)

Take action and discover your vulnerabilities