[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] ProFTPD Bug - may lead to a security issue

Subject: Re: [cobalt-security] ProFTPD Bug - may lead to a security issue
From: Michael Korolew <admin@xxxxxxxxxxxxxx>
Date: Thu, 20 Dec 2001 09:55:48 +1100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Jeff Lasman wrote:

baltimoremd@xxxxxxxxxxxxxxx wrote:

ProFTPD have release a bug fix version, but I haven't tried applying it to
the RaQs yet. I'm hoping Cobalt will be QUICK with this one and get a
package out ASAP.

How can Cobalt be quick if there's no exploit yet?


Thom, under many conditions, there can be a fix before there's an
exploit.  You can spot a vulnerability and patch it before there's an
exploit.

Jeff

Jeff, this is true, however if there was an exploitable buffer overrunncode similar to wuftpd versions it would not effect the Raqs anywaysince they come with stack execution disabled, which protects it fromexploit code overruns/overflows, thus eliminating the need to scrambleto patch the Raqs.

References:
- Re: [cobalt-security] ProFTPD Bug - may lead to a security issue
  - From: baltimoremd
- Re: [cobalt-security] ProFTPD Bug - may lead to a security issue
  - From: Jeff Lasman

Prev by Date: Re: [cobalt-security] ProFTPD Bug - may lead to a security issue
Next by Date: [cobalt-security] named: denied update log entires
Previous by thread: Re: [cobalt-security] ProFTPD Bug - may lead to a security issue
Next by thread: Re: [cobalt-security] ProFTPD Bug - may lead to a security issue

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index