[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] ProFTPD Bug - may lead to a security issue
- Subject: RE: [cobalt-security] ProFTPD Bug - may lead to a security issue
- From: "Mark Carey" <mark.carey@xxxxxxx>
- Date: Wed, 19 Dec 2001 13:58:51 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hello,
I have attempted to duplicate this bug, but have not been successful
using the versions of Proftpd that are available from Sun/Cobalt's
support site. Are you running a different version of ProFTPd than the
ones published on the site? If so, please elaborate on the details so
we can attempt to duplicate and validate the issue.
Thanks,
Mark Carey,
Sun Cobalt Vulnerability Assessment.
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Jonathan
Michaelson
Sent: Wednesday, December 19, 2001 12:24 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: [cobalt-security] ProFTPD Bug - may lead to a security issue
Something to keep a very close eye on:
http://www.securityfocus.com/archive/1/246331
A bug supposedly "similar" to the recent wu-ftpd bug has been found in
ProFTPD. I've verified that it affects the version provided by Cobalt
for the RaQ4 and would assume the other RaQ products will also be
affected if running ProFTPD.
There's no exploit - yet.
ProFTPD have release a bug fix version, but I haven't tried applying it
to the RaQs yet. I'm hoping Cobalt will be QUICK with this one and get a
package out ASAP.
Regards,
Jonathan Michaelson
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security