
PCI Compliance Issues

davidthurston

Guest
Hi, apologies if any of this has been posted before. I searched, but couldn't find anything that applied to me.
I have the following Failures from Security Metrics.

VPS from Webfusion, Running Ubuntu 10, and Plesk 10.4.4

----------------------

Description: possible format string vulnerability in Courier IMAP
Severity: Potential Problem
CVE: CVE-2004-0777
Impact: A remote attacker could execute arbitrary commands.
Resolution: [http://www.courier-mta.org/download.php#imap] Upgrade to Courier IMAP 3.0.4 or higher, or set DEBUG_LOGIN equal to the default value of 0 in the IMAP configuration file, which is typically located in /usr/lib/courier-imap/etc/imapd.
Vulnerability Details: Service: imap

I checked the version on Plesk, and it is 3.08. Checked /etc/courier-imap/imapd and it's got DEBUG=0

-----------------------------------------

Description: possible vulnerability in ProFTP 1.3.3e
Severity: Area of Concern
CVE: CVE-2011-4130
Impact: Attackers exploiting these vulnerabilities may be able to execute arbitrary commands, perhaps with root privileges, gain unauthorized access, or disrupt service on a target system.
Resolution: Upgrade [http://www.proftpd.org] ProFTPD to version [http://www.proftpd.org/docs/RELEASE_NOTES-1.3.3g] 1.3.3g (stable) or greater.

We're running version 1.3.3e

--------------------------------------------
 
I think I have solved issue 1
I sent SM the results of
dpkg --list | grep courier-imap
and grep DEBUG_LOGIN /etc/courier-imap/imapd

That should hopefully be good enough for them.

Any ideas on the second issue about ProFTPD?
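
The following script is an added example, not part of the original post and not the scanner's own logic: it evaluates both findings against the resolution criteria quoted in the report, so the result can be sent to the scanning vendor as evidence. The function names, the sample config and the use of GNU `sort -V` for version ordering are assumptions of this example; the version strings are the ones given in the post.

```shell
#!/bin/sh
# Added example: checks the two scanner findings against the resolution
# criteria quoted in the post. Version strings and the sample config are
# constructed inputs; on a real host they come from dpkg and the imapd file.

# True when version $1 is >= version $2 (relies on GNU sort -V ordering,
# which ranks 1.3.3e below 1.3.3g).
version_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Print the effective DEBUG_LOGIN value from a Courier imapd config file.
# Assumes plain KEY=value lines; the last uncommented assignment wins and
# a missing setting falls back to the default of 0 named in the finding.
debug_login_value() {
    awk -F= '/^[[:space:]]*DEBUG_LOGIN=/ {
                 v = $2; gsub(/"/, "", v); sub(/[^0-9].*/, "", v)
             }
             END { print (v == "" ? 0 : v) }' "$1"
}

# CVE-2004-0777 finding: cleared by Courier IMAP >= 3.0.4 OR DEBUG_LOGIN=0.
courier_finding_cleared() {   # $1 = installed version, $2 = imapd config path
    version_at_least "$1" 3.0.4 || [ "$(debug_login_value "$2")" = 0 ]
}

# CVE-2011-4130 finding: cleared only by ProFTPD >= 1.3.3g.
proftpd_finding_cleared() {   # $1 = installed version
    version_at_least "$1" 1.3.3g
}

report() {   # $1 = label, remaining args = check command
    label=$1; shift
    if "$@"; then echo "$label: meets the stated resolution"
    else echo "$label: still matches the finding"; fi
}

sample=$(mktemp)                       # constructed imapd fragment
printf '#DEBUG_LOGIN=2\nDEBUG_LOGIN=0\n' > "$sample"
report "Courier IMAP 3.08" courier_finding_cleared 3.08 "$sample"
report "ProFTPD 1.3.3e"    proftpd_finding_cleared 1.3.3e
rm -f "$sample"
```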
 