Full Disclosure mailing list archives
GLSA: net-ftp/proftpd (200309-16)
From: aliz () gentoo org (Daniel Ahlberg)
Date: Mon, 29 Sep 2003 16:23:23 +0200 (CEST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ GENTOO LINUX SECURITY ANNOUNCEMENT 200309-16 - ------------------------------------------------------------------------ PACKAGE : net-ftp/proftpd SUMMARY : ASCII File Remote Compromise Vulnerability DATE : 2003-09-28 00:37 UTC EXPLOIT : remote VERSIONS AFFECTED : <proftpd-1.2.9_rc2 FIXED VERSION : =proftpd-1.2.9_rc2 GENTOO BUG ID : 29452 CVE : none that we are aware of at this time - ------------------------------------------------------------------------ SUMMARY: ISS X-Force discovered a vulnerability that could be triggered when a specially crafted file is uploaded to a proftpd server. Read the full advisory at: http://www.proftpd.org/ SOLUTION: It is recommended that all Gentoo Linux users who are running net-ftp/proftpd upgrade to proftpd-1.29_rc2 as follows emerge sync emerge '>=net-ftp/proftpd-1.2.9_rc2' emerge clean - - - --------------------------------------------------------------------- solar () gentoo org aliz () gentoo org - GnuPG key is available at http://dev.gentoo.org/~aliz - - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/eEBbfT7nyhUpoZMRArDnAKCFlLbPmeC/S05/0EG1pqJc9BbClACgjPY6 OintOPB6pXf211OQxsUC7Tg= =+hmK -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- GLSA: net-ftp/proftpd (200309-16) Daniel Ahlberg (Sep 29)