[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] ProFTPD Bug - may lead to a security issue
- Subject: Re: [cobalt-security] ProFTPD Bug - may lead to a security issue
- From: "Jonathan Michaelson" <michaelsonjd@xxxxxxxxxxx>
- Date: Thu, 20 Dec 2001 17:11:36 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Mark,
> I have validated this issue. The interesting thing is that when you
> attempt to execute the sequence to evoke the bug under a windows ftp
> client, the proftpd process fails to crash. However, when a unix ftp
> client is used, the proftpd process does indeed crash.
>
> We are researching exactly why this is the case. I expect that shortly
> after 1:00pm EST today (Thursday) we will have a better idea of when we
> can have a patch. (That's California-arrive-at-work-time :-).
>
> I will spend the morning attempting to see if this can be exploited
> maliciously. Expect a post later today.
That's great :-) Thanks for the great response.
Regards,
Jonathan Michaelson