ProFTPD-1.2.8p
| Reported by: |
danielbaumann@… |
Owned by: |
blfs-book@… |
|
Priority:
|
high
|
Milestone:
|
|
|
Component:
|
BOOK
|
Version:
|
~CVS
|
|
Severity:
|
normal
|
Keywords:
|
|
|
Cc:
|
|
|
|
Since nobody seems to read blfs-dev mailing-list, I post here :/
Change History
(4)
| Resolution: |
→ fixed
|
| Status: |
new → closed
|
| bug_file_loc: |
http://archives.linuxfromscratch.org/mail-archives/blfs-dev/2003/07/0014.html → http://www.proftpd.org/
|
| Resolution: |
fixed
|
| Status: |
closed → reopened
|
| Summary: |
New Package: ProFTPD → ProFTPD-1.2.8p
|
| Resolution: |
→ fixed
|
| Status: |
reopened → closed
|
Version increment (1.2.8p)
"X-Force Research at ISS has discovered a remote exploit in ProFTPD's handling of ASCII translations that an attacker, by downloading a carefully crafted file, can exploit and gain a root shell.
The source distributions on ftp.proftpd.org have all been replaced with patched versions. All ProFTPD users are strongly urged to upgrade to one of the patched versions as soon as possible."