Re: [good] [cobalt-security] Vulnerability in ProFTPD
- Subject: Re: [good] [cobalt-security] Vulnerability in ProFTPD
- From: "tim doyle" <tim@xxxxxxxxxxxxxxxx>
- Date: Tue, 23 Sep 2003 12:39:44 -0700
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I'm suddenly unsure if I'm running a micro$oft product...
I'm patching left and right...
I'm not sure if patching is the proper conduct...
Or if I should just throw in a match and ignite!
grrrr
my .2 C
TD
----- Original Message -----
From: "Michael Stauber" <cobalt@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, September 23, 2003 12:28 PM
Subject: [good] [cobalt-security] Vulnerability in ProFTPD
> Hi all,
>
> this seems to be the week of vulnerabilities. First OpenSSH, then
> Sendmail, then ModSSL and now ProFTPd. :o(
>
> For more information about the ProFTPd issue see this URL:
>
> http://securityfocus.com/archive/1/338687/2003-09-20/2003-09-26/0
>
> Small sample:
>
> Synopsis:
>
> ISS X-Force has discovered a flaw in the ProFTPD Unix FTP server. ProFTPD
> is a highly configurable FTP (File Transfer Protocol) server for Unix
> that allows for per-directory access restrictions, easy configuration of
> virtual FTP servers, and support for multiple authentication mechanisms.
> A flaw exists in the ProFTPD component that handles incoming ASCII file
> transfers.
>
> Impact:
>
> An attacker capable of uploading files to the vulnerable system can
> trigger a buffer overflow and execute arbitrary code to gain complete
> control of the system. Attackers may use this vulnerability to destroy,
> steal, or manipulate data on vulnerable FTP sites.
>
> Affected Versions:
>
> ProFTPD 1.2.7
> ProFTPD 1.2.8
> ProFTPD 1.2.8rc1
> ProFTPD 1.2.8rc2
> ProFTPD 1.2.9rc1
> ProFTPD 1.2.9rc2
>
> Note: Versions previous to version 1.2.7 may also be vulnerable.
>
> For the complete ISS X-Force Security Advisory, please visit:
> http://xforce.iss.net/xforce/alerts/id/154
>
> --
>
> With best regards,
>
> Michael Stauber
>