On Wed, Mar 06, 2002 at 10:36:03AM +0100, Francesco P. Lovergine wrote: > > potato version is not exploitable (patched with a backported hack many > months ago). See old DSA on www.debian.org. > No, it is still vulnerable. I have confirmed for myself that the fix applied in the DSA did not eliminate the DoS. The only way to be safe right now is to add the following to /etc/proftpd.conf: <Global> DenyFilter \*.*/ </Global> The problem is not likely with proftpd, but with glibc. I am going to begin investigating fixes ASAP. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
Attachment:
pgpZwE7OQXr30.pgp
Description: PGP signature