[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] ProFTPd (latest from cobalt) is vulunerable.

Subject: [cobalt-security] ProFTPd (latest from cobalt) is vulunerable.
From: shimi <shimi@xxxxxxxxxxxxxxxx>
Date: Fri, 9 Mar 2001 07:33:31 -0800 (PST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

A minor security vulnerability was discovered in proftpd-1.2.0-final
involving
group-expressions inside of <Limit> contexts.  This issue may result in
the
{Allow,Deny}Group directives not working correctly.  The issue affects
1.2.0,
1.2.0 RPMs and CVS earlier than Feb 28, 2001.

Version 1.2.1 has been released, and contains a fix for the issue, as well
as
some other minor bug fixes.  1.2.1 does not contain any feature 

Someone from Cobalt, please read:
http://www.proftpd.org/proftpd-announce-archive/01-03/msg00000.html
I think a .pkg should go out.

  Best regards,
     shimi [mailto:shimi@xxxxxxxxxxxxxxxx]


----

There are two major products that come out of Berkeley: LSD and BSD.
We don't believe this to be a coincidence.
   -- Jeremy S. Anderson

 Windows: "Where do you want to go today?"
   Linux: "Where do you want to go tomorrow?"
     BSD: "Are you guys coming or what?"

Follow-Ups:
- Re: [cobalt-security] ProFTPd (latest from cobalt) is vulunerable.
  - From: Jeff Lovell

Prev by Date: Re: [cobalt-users] Re: [cobalt-security] [RaQ3]Open ports
Next by Date: Re: [cobalt-security] ProFTPd (latest from cobalt) is vulunerable.
Previous by thread: Re: [cobalt-security] RaQ3 Hacked - Information Gathered
Next by thread: Re: [cobalt-security] ProFTPd (latest from cobalt) is vulunerable.

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index