Re: protftpd and wu-ftpd-academ critical errors

To: debian-devel@lists.debian.org
Subject: Re: protftpd and wu-ftpd-academ critical errors
From: Petr Cech <cech@atrey.karlin.mff.cuni.cz>
Date: Tue, 23 Feb 1999 15:38:50 +0100
Message-id: <[🔎] 19990223153850.A26867@atrey.karlin.mff.cuni.cz>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] Pine.LNX.4.02.9902231142360.26478-100000@main.lighting.ml.org>; from Grzegorz Stelmaszek on Tue, Feb 23, 1999 at 11:49:08AM +0100
References: <[🔎] Pine.LNX.4.02.9902231142360.26478-100000@main.lighting.ml.org>

On Tue, Feb 23, 1999 at 11:49:08AM +0100 , Grzegorz Stelmaszek wrote:
> Package: protftpd
> Severity: Critical 
> Package: wu-ftpd-academ
> Severity: Critical
> 
> Maybe some quotation from www.rootshell.com:
>  
> "
>  2/9/99 ftpd.txt Remote buffer overflows in various FTP servers leads 
>    to potential root compromise. (ProFTPD 1.2.0pre1 and Wuarchive ftpd
>    (2.4.2-academ[BETA-18])).
> "
> And as i know Debian 2.0r5 (as weel as 2.1) HAS ProFTPD 1.2.0pre1 and IS
> vulnurable to this "potential" attack.
The plain version yes, but _not_ the patched version -2 in stable and slink.
Potato has pre2, which is _not_ vulnerable.
Dtto. for wu-ftpd. Read the security pages at http://www.debian.org/security/

				Petr Cech 
--
 /    mailto: cech@atrey.karlin.mff.cuni.cz    \
|   PGP: finger cech@atrey.karlin.mff.cuni.cz	|
 \      C75B671E75117038  43BE6B9AC09C3318     /

Reply to:

References:
- protftpd and wu-ftpd-academ critical errors
  - From: Grzegorz Stelmaszek <greg@lighting.ml.org>

Prev by Date: Re: [Richard Stallman <rms@gnu.org>] Re: Debian & BSD concerns
Next by Date: Re: Release-critical Bugreport for February 22, 1999
Previous by thread: protftpd and wu-ftpd-academ critical errors
Next by thread: Re: protftpd and wu-ftpd-academ critical errors
Index(es):
- Date
- Thread