Bugtraq mailing list archives

Re: [proftpd-l] root compromise ? (fwd)

From: sky () WIBBLE NET (Nic Bellamy)
Date: Mon, 15 Feb 1999 20:36:33 +1300


On Sun, 14 Feb 1999, Dirk Moerenhout wrote:

Proftpd 1.2.0pre1 is not patched. If it is, then it is very weird that
there is a patch on the ftp-site for this problem.


ProFTPd 1.2.0pre2 is available from ftp://ftp.proftpd.org/distrib/ - it
fixes this particular problem, and a few others (including a memory leak
when doing `ls -lR' that could have easily been used as a DoS attack).

So, forget the patches, just upgrade :-)

Regards,
        Nic.

#include ".signature"

Current thread:

Possible Netscape Crypto Security Flaw, (continued)
- - - Possible Netscape Crypto Security Flaw Haze (Feb 14)
    - Re: Possible Netscape Crypto Security Flaw Pete Krawczyk (Feb 16)
    - snap utility for AIX. Larry W. Cashdollar (Feb 17)
    - Re: snap utility for AIX. Brian Hauber (Feb 18)
    - mSQL vulnerability. Christofer C. Bell (Feb 17)
    - OT: Copyright on Security advisories Aviram Jenik (Feb 18)
    - Re: OT: Copyright on Security advisories Doug Granzow (Feb 19)
    - Re: mSQL vulnerability. John W. Temples (Feb 18)
    - Debian GNU/Linux 2.0r5 released (fwd) Jamie Fifield (Feb 17)
    - Regarding passwords in registry keys. Ash (Feb 19)
    - Re: [proftpd-l] root compromise ? (fwd) Nic Bellamy (Feb 14)
  - ICQ99 crash loser (Feb 14)
    - Re: ICQ99 crash Eric J. Stevens (Feb 15)
    - Re: ICQ99 crash Joe Stewart (Feb 16)
    - Re: ICQ99 crash Timothy Doane (Feb 16)
    - Website Pro v2.0 (NT) Configuration Issues Christian Antkow (Feb 16)
    - [HERT] Advisory #002 Buffer overflow in lsof Anthony C . Zboralski (Feb 17)
    - [SECURITY] New versions of super fixes two buffer overflows joey () FINLANDIA INFODROM NORTH DE (Feb 18)
    - Re: [HERT] Advisory #002 Buffer overflow in lsof Vic Abell (Feb 18)
    - Tetrix 1.13.16 is Vulnerable Steven Hodges (Feb 17)
    - Re: Tetrix 1.13.16 is Vulnerable Pavel Machek (Feb 19)

(Thread continues...)