Australia's Leading Computer Emergency Response Team

ProFTPD, Plesk, Samba and notmuch else
Date: 24 February 2012
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=15532

Greetings All,

Another Friday rolls around, and what a Friday it has been today. I will forgo the normal end of week levity and dive straight into the two stand out vulnerabilities of the week:

ProFTPD and Plesk. These two software products both had active exploitation over the last week that we were informed about. The Plesk vulnerability has been patched (and you should upgrade ASAP). The ProFTPD vulnerability has a workaround as it is not strictly a ProFTPD vulnerability. After a bit of digging, reading, brushing up on my C and shellcode reading ability, we put together this bulletin (ASB-2012.0029). [1]

The reason the two became one, was mostly because we saw both products being compromised. However it was also because Plesk installs ProFTPD, and initially we were unsure whether it was a Plesk vulnerability or the ProFTPD one that allowed the compromise.

The second of today's (and this week's) most interesting bulletins was the recent SAMBA vulnerability and patch. This vulnerability allows a remote root compromise of your Samba server. So hopefully it is restricted to "trusted" people until you are able to apply the patch. RedHat has released one (ESB-2012.0220) and I am sure other distros will have them shortly. [2]

Oh, who am I kidding; it's levity time. Debian made my day, if not my week, when they released a security bulletin entitled "notmuch security update"! After a good few minutes rolling on the floor with laughter, I managed to actually start reading the bulletin and noticed that the vulnerability was "notmuch information disclosure". A few more minutes of laughter later, and I decided that even if it was "notmuch information disclosure", that "notmuch information" could be important information, so I am glad they fixed it.

Well, it is now time for me to head home to clean the study. I would highly recommend that anyone who has a messy study clean it from time to time. Here are the two main reasons for this suggestion:

  1. My study now has carpet visible, and it is much softer to walk on carpet than cables.
  2. I found 9 LCD monitors, 4 1TB SATA drives, and 5 146GB SAS drives that were hidden under and behind things.

Have a good weekend (patching your Samba and Plesk installs, and adding the workaround for the ProFTPD vulnerability),
Richard