Re: proftpd exploit

To: Fraser Campbell <fraser@wehave.net>
Cc: debian-isp@lists.debian.org
Subject: Re: proftpd exploit
From: mimo <mimo@restoel.net>
Date: Mon, 29 Sep 2003 13:25:23 +0100
Message-id: <[🔎] 3F7824B3.8080706@restoel.net>
In-reply-to: <[🔎] 200309271933.49054.fraser@wehave.net>
References: <[🔎] 3F744035.3070200@restoel.net> <[🔎] 200309271933.49054.fraser@wehave.net>

Thanks, I checked on security.debian.org but couldn't find anything - so probably a sign not to worry too much.

Michael
Fraser Campbell wrote:

On Friday 26 September 2003 09:33, mimo wrote:

I have just discovered this exploit report but couldn't find anything
about other distros than Slackware
http://proftpd.linux.co.uk/index.html
Does any body know if the debian version is affected too?

You should always take a look at bug reports if you're worried about a 
security issue.  Here's the bug report on this for Debian:

    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=212416

According to the bug report, woody is not vulnerable.  ISS says that versions 
1.2.7 through 1.2.9rc2 (and possibly versions prior to 1.2.7) are vulnerable.  
I suspect that someone somewhere has since tested ealier versions (woody runs 
a patched 1.2.4) and decided that those versions are not vulnerable.  It 
would be nice if the bug report noted on what evidence stable is not 
affected.

All I could think of for the moment was disabling donwloading via FTP
globally. Any ideas?

Yes it sounds like denying either uploads or downloads would have saved you.

Reply to:

References:
- proftpd exploit
  - From: mimo <mimo@restoel.net>
- Re: proftpd exploit
  - From: Fraser Campbell <fraser@wehave.net>

Prev by Date: Re: vmware server with multiple Server OS's on blade servers
Next by Date: Re: Postfix: Multiple recipients alias?
Previous by thread: Re: proftpd exploit
Next by thread: Squid Refresh ?
Index(es):
- Date
- Thread