[cobalt-security] ProFTPD issues



ProFTPD 1.2.0rc3 was released yesterday.

Below is today's post on Bugtraq about it.  I'm wondering if we are going to
see an RPM from Cobalt on this any time soon?


M

--------

Three issues with the ProFTPD FTP server have been reported to BUGTRAQ in
the past month. These issues have been addressed by the ProFTPD core team.

The following vulnerabilities are addressed in this advisory:

1. "SIZE memory leak"
   http://www.securityfocus.com/archive/1/151991
   Reported by Wojciech Purczynski <wp@xxxxxxxxxxxx>

2. "USER memory leak"
   http://www.securityfocus.com/archive/1/155349
   Reported by Wojciech Purczynski <wp@xxxxxxxxxxxx>

3. "Minor format string vulnerabilities"
   http://www.securityfocus.com/archive/1/155428
   Reported by Przemyslaw Frasunek <venglin@xxxxxxxxxxxxxxxxx>

All three are thought to exist in all previous 1.2.0 test releases
(1.2.0pre[1-10], 1.2.0rc[1-2]). All three now have been fixed, and patches
have been committed to the ProFTPD CVS repository. A new release, 1.2.0rc3,
containing these fixes has been made available as of 5 February and is
available from:

        http://www.proftpd.org/download.html
        ftp://ftp.proftpd.org/distrib/proftpd-1.2.0rc3.tar.gz