Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Security Research
  Threat Watch Blog
  Zero-Day Monitor
  Search Engine
  Mailing List & RSS
 
   

>> Fedora Security Update Fixes ProFTPD Auth API Authentication Bypass

Title : Fedora Security Update Fixes ProFTPD Auth API Authentication Bypass
VUPEN ID : VUPEN/ADV-2007-3734
CVE ID : CVE-2007-2165
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-06

Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format 

A vulnerability has been identified in Fedora, which could be exploited by malicious users to bypass security checks. This issue is caused by an error in ProFTPD. For additional information, see : VUPEN/ADV-2007-1444

Affected Products

Fedora 7

Solution

Upgrade the affected packages :

2d413f5e0afd249ead9f5554c5459f907acaac4f proftpd-debuginfo-1.3.1-2.fc7.ppc64.rpm
b4565e8b12a27aa98178c636087056d89df6fb1a proftpd-ldap-1.3.1-2.fc7.ppc64.rpm
ed4d28ed8bcb09d6e78165bd1e7163ad6db959a7 proftpd-postgresql-1.3.1-2.fc7.ppc64.rpm
88d4c6b380df5571ee87e88302479754756c0616 proftpd-1.3.1-2.fc7.ppc64.rpm
d487f21bd5b44042e262a93c9ea8aecd21f04ffe proftpd-mysql-1.3.1-2.fc7.ppc64.rpm
cf791b055f924aae61be66d79e13955a7ea14f21 proftpd-debuginfo-1.3.1-2.fc7.i386.rpm
3bb1497704f0777ff1129848cb346ad4b57a964f proftpd-ldap-1.3.1-2.fc7.i386.rpm
c08014c3700c1f3bf875baf298a14e0bb6652a08 proftpd-postgresql-1.3.1-2.fc7.i386.rpm
c46d3f9b5def776bfa916ad3c1897069cf450d45 proftpd-1.3.1-2.fc7.i386.rpm
ef29117032441cb25efc4bb59c84aff4cd83e548 proftpd-mysql-1.3.1-2.fc7.i386.rpm
052aa8c9b02c7bd70c05e11ea517a0b3f81bd64a proftpd-1.3.1-2.fc7.x86_64.rpm
6106490d217a25241381dad096bc6e3982fa5612 proftpd-debuginfo-1.3.1-2.fc7.x86_64.rpm
62d759fef3677747b6e210b894744a9fa795c19a proftpd-ldap-1.3.1-2.fc7.x86_64.rpm
53d5fdab013f459d11732f334d7c9911e3f6d043 proftpd-mysql-1.3.1-2.fc7.x86_64.rpm
d081661bba3eedd5c0b3df779a7ef969eb3c24eb proftpd-postgresql-1.3.1-2.fc7.x86_64.rpm
2c9b7a05c8e16ff452ed7469a7b2f52d940317a5 proftpd-postgresql-1.3.1-2.fc7.ppc.rpm
3a4e69d134a6e307efdfac347b259cdf827f92bd proftpd-mysql-1.3.1-2.fc7.ppc.rpm
7c4292cf5c4c6f570ebe1d9c45a7a473cea5dd60 proftpd-debuginfo-1.3.1-2.fc7.ppc.rpm
5b36fd3c6844d4c43325d5640b8daa06c2013e91 proftpd-1.3.1-2.fc7.ppc.rpm
5d787e5225659e681e4469ae136070bcb49681f4 proftpd-ldap-1.3.1-2.fc7.ppc.rpm
71c0569ba6a97d32dce1a22c1fa5c38ea6a83b49 proftpd-1.3.1-2.fc7.src.rpm

References

http://www.vupen.com/english/advisories/2007/3734
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html

ChangeLog

2007-11-06 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Vulnerability Alerting

Free 14-Day Trial
 
  Latest News

 

  >> 2009-07-06

     

  Microsoft Windows 0-Day
  Flaw Exploited in the Wild


  >> 2009-06-10

     

  VUPEN Security Research
  Discovered Critical Flaws
  in Adobe Acrobat and MS
  Office Word


  >> 2009-06-02

     

  VUPEN Security Research
  Discovered Critical Flaws
  in ACDSee Products


  >> 2009-05-22

     

  VUPEN Discovered Two
  Critical Vulnerabilities in
  Novell GroupWise 8 / 7

 

 

More Informations    
    








Copyright 2003-2009 © VUPEN.COM - Privacy Policy