Oval Definition:	oval:org.mitre.oval:def:7948
Revision Date: 2014-06-23 Version: 18 Title: DSA-1689 proftpd-dfsg -- missing input validation Description: Maksymilian Arciemowicz of securityreason.com reported that ProFTPD is vulnerable to cross-site request forgery (CSRF) attacks and executes arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2008-4242 DSA-1689 Platform(s): Debian GNU/Linux 4.0 Product(s): proftpd-dfsg Definition Synopsis Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section proftpd-pgsql is earlier than 1.3.0-19etch2 OR proftpd-doc is earlier than 1.3.0-19etch2 OR proftpd-mysql is earlier than 1.3.0-19etch2 OR proftpd-ldap is earlier than 1.3.0-19etch2 OR proftpd is earlier than 1.3.0-19etch2
BACK