copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Publications » AusCERT Web Log » ProFTPD, Plesk, Samba and notmuch else
 

ProFTPD, Plesk, Samba and notmuch else
Date: 24 February 2012

Click here for printable version

Greetings All,

Another Friday rolls around, and what a Friday it has been today. I will forgo the normal end of week levity and dive straight into the two stand out vulnerabilities of the week:

ProFTPD and Plesk. These two software products both had active exploitation over the last week that we were informed about. The Plesk vulnerabili ty has been patched (and you should upgrade ASAP). The ProFTPD vulnerability has a workaround as it is not strictly a ProFTPD vulnerability. Afte r a bit of digging, reading, brushing up on my C and shellcode reading ability, we put together this bulletin (ASB-2012.0029). [1]

The reason the two became one, was mostly because we saw both products being compromised. However it was also because Plesk installs ProFTPD, and initially we were unsure whether it was a Plesk vulnerability or the ProFTPD one that allowed the compromise.

The second of today's (and this week's) most interesting bulletins was the recent SAMBA vulnerability and patch. This vulnerability allows a remo te root compromise of your Samba server. So hopefully it is restricted to "trusted" people until you are able to apply the patch. RedHat has rele ased one (ESB-2012.0220) and I am sure other distros will have them shortly. [2] Oh, who am I kidding; its levity time. Debian made my day, if not my week, when they released a security bulletin entitled "notmuch security upda te"! After a good few minutes rolling on the floor with laughter, I managed to actually start reading the bulletin and noticed that the vulnerabi lity was "notmuch information disclosure". A few more minutes of laughter later, and I decided that even if it was "notmuch information disclosur e", that "notmuch information" could be important information, so I am glad they fixed it.

Well, it is now time for me to head home to clean the study. I would highly recommend that anyone who has a messy study clean it from time to tim e. Here are the two main reasons for this suggestion:

  1. My study now has carpet visible, and it is much softer to walk on carpet than cables.
  2. I found 9 LCD monitors, 4 1TB SATA drives, and 5 146GB SAS drives that were hidden under and behind things.

Have a good weekend (patching your Samba and Plesk installs, and adding the workaround for the ProFTPD vulnerability),
Richard



Comments? Click here http://www.auscert.org.au/render.html?cid=7066&it=15532