Re: Unknown file in login on proftpd 1.2.0pre10-2potato1

To: debian-security@lists.debian.org
Subject: Re: Unknown file in login on proftpd 1.2.0pre10-2potato1
From: Michel Kaempf <maxx@via.ecp.fr>
Date: Tue, 20 Feb 2001 13:38:27 +0100
Message-id: <20010220133826.B6398@via.ecp.fr>
In-reply-to: <3A91FB78.88C980C9@interstroom.nl>; from vink@interstroom.nl on Tue, Feb 20, 2001 at 06:07:04AM +0100
References: <20010220123356.A16238@matilda.fiorile.org> <3A91FB78.88C980C9@interstroom.nl>

On Tue, Feb 20, 2001, Maarten Vink wrote:
> My guess is that it's a small bug in proftpd that dumps some internal
> data, and has no security implications. But since you can't be too
> sure, it would be interesting to see what other people have to say
> about this.

Last week, I noticed the same problem and immediately sent a bug report
(Bug#86011). It is a bug in proftpd (in the last security patch in fact,
that's why the bug only appeared last week after a security upgrade),
and developers are actually working on it.

As a temporary workaround, I stopped proftpd, deleted the /var file in
the anonymous chroot, created a new empty /var file, owned by root, ran
chmod 0 on it, and finally started proftpd again. Maybe not the best
solution, but at least I know there is no sensitive data in this file.

-- 
MaXX

Reply to:

References:
- Unknown file in login on proftpd 1.2.0pre10-2potato1
  - From: Poe-Min Oliver Wu <pm5@matilda.fiorile.org>
- Re: Unknown file in login on proftpd 1.2.0pre10-2potato1
  - From: Maarten Vink <vink@interstroom.nl>

Prev by Date: Re: Debian or Linux 7???
Next by Date: Re: OpenSSH and CVS
Previous by thread: Re: Unknown file in login on proftpd 1.2.0pre10-2potato1
Next by thread: OpenSSH and CVS
Index(es):
- Date
- Thread