Gentoo Forums
ProFTPd remote exploit
whit
Tux's lil' helper
Joined: 26 Oct 2002
Posts: 121
Location: VT

Posted: Tue Sep 23, 2003 6:17 pm    Post subject: ProFTPd remote exploit

Anyone know how to convince Gentoo to build the patched version?

Quote:
Hello, ProFTPD community. The ProFTPD Project team must make the
following announcement:

X-Force Research at ISS (www.iss.net) has discovered a bug in ProFTPD's
handling of ASCII translation. An attacker, by downloading a carefully
crafted file, can remotely exploit this bug to create a root shell:

http://xforce.iss.net/xforce/alerts/id/154

The source distributions on the project FTP server have been replaced
with patched versions (hence the 'p' in the filenames); the MD5
checksums and PGP signatures for these patched distributions are listed
below. The old RPMs have been deleted, and new RPMs provided. All
snapshots have been removed from the server.

All ProFTPD users are strongly encouraged to upgrade to one of these
distributions as soon as possible.

The ProFTPD Project team would like to heartily thank the X-Force
engineers for the responsible and professional way in which they
reported the vulnerability, and worked with the ProFTPD Project team to
address this issue.

The patched distributions, including PGP signatures and MD5 sums, will
soon be available from any of the proftpd mirrors. Mirrors are
available via FTP as:

ftp.<two_letter_iso_country_code>.proftpd.org

(example: ftp.nl.proftpd.org). Not all countries have mirrors;
however you should select one that is geographically close to you.

The MD5 sums for the source tarballs are:
