GLSA Advocate
Posted: Mon Mar 16, 2020 9:26 pm Post subject: [ GLSA 202003-35 ] ProFTPd
Gentoo Linux Security Advisory
Title: ProFTPd: Multiple vulnerabilities (GLSA 202003-35)
Severity: normal
Exploitable: remote
Date: 2020-03-16
Bug(s): #699520, #701814, #710730
ID: 202003-35
Synopsis
Multiple vulnerabilities have been found in ProFTPd, the worst of
which may lead to arbitrary code execution.
Background
ProFTPD is an advanced and very configurable FTP server.
Affected Packages
Package: net-ftp/proftpd
Vulnerable: < 1.3.6c
Unaffected: >= 1.3.6c
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in ProFTPd. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker, by interrupting the data transfer channel, could
possibly execute arbitrary code with the privileges of the process or
cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All ProFTPd users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.6c"

References
CVE-2019-18217
CVE-2019-19269
CVE-2020-9272
CVE-2020-9273
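
Added example, not part of the GLSA or of Portage: a shell check that decides whether a given net-ftp/proftpd version string falls in the advisory's vulnerable range (< 1.3.6c). The function name and the sample versions are assumptions, and the comparison is a simplified form of Gentoo version ordering (up to four numeric components, one trailing letter, a pre-release or _p suffix, and a -rN revision).

```sh
#!/bin/sh
# Added example, not part of the GLSA. Simplified Gentoo version comparison:
# handles dotted numbers, one trailing letter, _alpha/_beta/_pre/_rc/_p, -rN.

FIXED="1.3.6c"   # first unaffected net-ftp/proftpd version per the advisory

# proftpd_is_vulnerable VERSION  (hypothetical helper name)
# exit status: 0 = below $FIXED (affected), 1 = not affected, 2 = unparseable
proftpd_is_vulnerable() {
    awk -v v="$1" -v fixed="$FIXED" '
    # Build a fixed-width key so that plain string comparison orders versions.
    function key(s,    rank, letter, n, p, i, k) {
        sub(/-r[0-9]+$/, "", s)                 # a revision cannot make a version older
        rank = 1                                # 0 = pre-release, 1 = release, 2 = _p
        if (s ~ /_(alpha|beta|pre|rc)[0-9]*$/) rank = 0
        else if (s ~ /_p[0-9]*$/) rank = 2
        sub(/_.*$/, "", s)
        letter = 0                              # no letter sorts before "a"
        if (s ~ /[a-z]$/) {
            letter = index("abcdefghijklmnopqrstuvwxyz", substr(s, length(s)))
            s = substr(s, 1, length(s) - 1)
        }
        if (s !~ /^[0-9]+(\.[0-9]+)*$/) return ""   # not a version string
        n = split(s, p, ".")
        k = "k"                                 # prefix forces string comparison
        for (i = 1; i <= 4; i++) k = k sprintf("%05d", (i <= n) ? p[i] : 0)
        return k sprintf("%02d%d", letter, rank)
    }
    BEGIN {
        kv = key(v)
        if (kv == "") exit 2
        exit !(kv < key(fixed))
    }'
}

# Constructed sample versions (not taken from the advisory).
for v in 1.3.5e 1.3.6 1.3.6b 1.3.6c 1.3.6c-r1 1.3.7_rc3; do
    if proftpd_is_vulnerable "$v"; then
        echo "$v: affected, upgrade"
    else
        echo "$v: not affected"
    fi
done
```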