diff options
author | simon <simon@FreeBSD.org> | 2005-08-04 01:14:16 +0800 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2005-08-04 01:14:16 +0800 |
commit | fe0591226305a05cb8c82506e41d7aa9f9358d04 (patch) | |
tree | fed251cb48a7e920d80696cb0206250e01cd9b04 | |
parent | 9b802ec2e05adaeb5d6e5bd74f119bede9454a60 (diff) | |
download | freebsd-ports-gnome-fe0591226305a05cb8c82506e41d7aa9f9358d04.tar.gz freebsd-ports-gnome-fe0591226305a05cb8c82506e41d7aa9f9358d04.tar.zst freebsd-ports-gnome-fe0591226305a05cb8c82506e41d7aa9f9358d04.zip |
Document proftpd -- format string vulnerabilities.
Approved by: portmgr (blanket, VuXML)
-rw-r--r-- | security/vuxml/vuln.xml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index da57b2776139..de2a97a25336 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,43 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="c28f4705-043f-11da-bc08-0001020eed82"> + <topic>proftpd -- format string vulnerabilities</topic> + <affects> + <package> + <name>proftpd</name> + <name>proftpd-mysql</name> + <range><lt>1.3.0.rc2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The ProFTPD release notes states:</p> + <blockquote cite="http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2"> + <p>sean <infamous42md at hotpop.com> found two format + string vulnerabilities, one in mod_sql's SQLShowInfo + directive, and one involving the 'ftpshut' utility. Both + can be considered low risk, as they require active + involvement on the part of the site administrator in order + to be exploited.</p> + </blockquote> + <p>These vulnerabilities could potentially lead to information + disclosure, a denial-of-server situation, or execution of + arbitrary code with the permissions of the user running + ProFTPD.</p> + </body> + </description> + <references> + <cvename>CAN-2005-2390</cvename> + <url>http://www.gentoo.org/security/en/glsa/glsa-200508-02.xml</url> + <url>http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2</url> + </references> + <dates> + <discovery>2005-07-26</discovery> + <entry>2005-08-03</entry> + </dates> + </vuln> + <vuln vid="debbb39c-fdb3-11d9-a30d-00b0d09acbfc"> <topic>nbsmtp -- format string vulnerability</topic> <affects> |