[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ProFTPD ASCII File Remote Compromise Vulnerability

On Tue, Sep 23, 2003 at 04:26:14PM -0400, Matt Zimmerman wrote:
> On Tue, Sep 23, 2003 at 02:45:24PM -0500, Bender, Jeff wrote:

Hi,

> > Looking for the Debian Woody patch.  Anyone know if it is available or if
> > this version is exploitable?
> 
> According to the maintainer, the version in woody is not affected by this
> bug.
Quoting TJ Saunders from
http://sourceforge.net/mailarchive/forum.php?thread_id=3173947&forum_id=2637
========================================================================
byg>BTW, How about version prior 1.2.7?
 
They are believed to not have this bug.  I would recommend upgrading to
one of the patched releases, just to be certain.
 
TJ
=========================================================================
Hmmm that's why I hate advisorys without PoC Code or detailed descriptions.

diffing the source code might help ...

Sven
-- 
http://www.comboguano.de
http://sven.linux-ist-pleite.de
I'm root, if you see me laughing you better have a backup!
Reply to: