C.P: psa v7.5.4_build75060617.18 os_RedHat el4
ProFTPd: psa-proftpd 1.2.10-rhel4.build75050824.12
I requested a security report for my ded server, and I received this message.
Type Port Issue and Fix
Warning ftp (21/tcp)
The remote ProFTPd server is as old or older than 1.2.10
It is possible to determine which user names are valid on the remote host
based on timing analysis attack of the login procedure.
An attacker may use this flaw to set up a list of valid usernames for a
more efficient brute-force attack against the remote host.
Solution : Upgrade to a newer version
Risk factor : Low
CVE : CVE-2004-1602
BID : 11430
Nessus ID : 15484
Informational ftp (21/tcp)
Synopsis :
The remote FTP server is affected by multiple vulnerabilities.
Description :
The remote host is using ProFTPD, a free FTP server for Unix and
Linux.
According to its banner, the version of ProFTPD installed on the
remote host suffers from multiple format string vulnerabilities, one
involving the 'ftpshut' utility and the other in mod_sql's
'SQLShowInfo' directive. Exploitation of either requires involvement
on the part of a site administrator and can lead to information
disclosure, denial of service, and even a compromise of the affected
system.
See also :
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2
Solution :
Upgrade to ProFTPD version 1.3.0rc2 or later.
Risk factor :
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:R/C:P/A:P/I:P/B:N)
CVE : CVE-2005-2390
BID : 14380, 14381
Other references : OSVDB:18270, OSVDB:18271
Nessus ID : 19302
My question is: how is it possible, or how can I UPDATE ProFTPd to the latest version (ProFTPD version 1.3.0rc2 or later) on my ded server? Remember, this box is working with Plesk 7.5.4.
Many thanks for your time, I appreciate it.