
Re: proftpd exploit



Thanks, I checked on security.debian.org but couldn't find anything - so probably a sign not to worry too much.

Michael

Fraser Campbell wrote:
On Friday 26 September 2003 09:33, mimo wrote:

  
I have just discovered this exploit report but couldn't find anything
about other distros than Slackware
http://proftpd.linux.co.uk/index.html
Does anybody know if the Debian version is affected too?
    

You should always take a look at bug reports if you're worried about a 
security issue.  Here's the bug report on this for Debian:

    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=212416

According to the bug report, woody is not vulnerable.  ISS says that versions 
1.2.7 through 1.2.9rc2 (and possibly versions prior to 1.2.7) are vulnerable.  
I suspect that someone somewhere has since tested earlier versions (woody runs 
a patched 1.2.4) and decided that those versions are not vulnerable.  It 
would be nice if the bug report noted on what evidence stable is not 
affected.

  
All I could think of for the moment was disabling downloading via FTP
globally. Any ideas?
    

Yes it sounds like denying either uploads or downloads would have saved you.

  

