Re: ProFTPD still vulnerable (Sarge)

To: debian-security@lists.debian.org
Subject: Re: ProFTPD still vulnerable (Sarge)
From: Sam Morris <sam@robots.org.uk>
Date: Thu, 30 Nov 2006 10:53:52 +0000 (UTC)
Message-id: <[🔎] ekmd80$gus$1@sea.gmane.org>
References: <[🔎] 20061130062853.GM17888@lupe-christoph.de>

On Thu, 30 Nov 2006 07:28:53 +0100, Lupe Christoph wrote:
> The attacks ceased before I noticed, so I was not able to capture a TCP
> stream. I would just like to alert people that there is still some
> vulnerability in the ProFTPD code that was not fixed by DSA-1218-1.

Indeed, see <http://idssi.enyo.de/tracker/CVE-2006-5815> and
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399070>. I guess an
update is in the works somewhere. :)

-- 
Sam Morris
http://robots.org.uk/

PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078

Reply to:

References:
- ProFTPD still vulnerable (Sarge)
  - From: lupe@lupe-christoph.de (Lupe Christoph)

Prev by Date: ProFTPD still vulnerable (Sarge)
Next by Date: Re: ProFTPD still vulnerable (Sarge)
Previous by thread: ProFTPD still vulnerable (Sarge)
Next by thread: Re: ProFTPD still vulnerable (Sarge)
Index(es):
- Date
- Thread