oss-sec mailing list archives
Re: Proftpd pre-authentication buffer overflow in Telnet code
From: Josh Bressers <bressers () redhat com>
Date: Mon, 1 Nov 2010 16:55:31 -0400 (EDT)
----- "Florian Weimer" <fw () deneb enyo de> wrote:
I haven't seen a CVE/patch/discussion for this issue yet: | 1.3.3c | --------- | | + Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925) <http://proftpd.org/docs/RELEASE_NOTES-1.3.3c>
I'm not assigning this an ID at this time. We'll see if it already has one.
This: | + Fixed directory traversal bug in mod_site_misc is <http://bugs.proftpd.org/show_bug.cgi?id=3519> and also seems to lack a CVE assignment.
Use CVE-2010-3867
I don't know yet if the following is a security fix: | + Fixed SQLite authentications using "SQLAuthType Backend"
Even if it is, I have no idea what sort of flaw this would be. Does anyone else know? Thanks. -- JB
Current thread:
- Proftpd pre-authentication buffer overflow in Telnet code Florian Weimer (Nov 01)
- Re: Proftpd pre-authentication buffer overflow in Telnet code Josh Bressers (Nov 01)