Re: ProFTPD still vulnerable (Sarge)

To: debian-security@lists.debian.org
Cc: "Lupe Christoph"@murphy.debian.org, " <lupe@lupe-christoph.de>"@murphy.debian.org
Subject: Re: ProFTPD still vulnerable (Sarge)
From: "Stefan Fritsch" <sf@sfritsch.de>
Date: Thu, 30 Nov 2006 12:57:53 +0100 (CET)
Message-id: <[🔎] 12751.217.111.53.98.1164887873.squirrel@eru.sfritsch.de>
In-reply-to: <[🔎] 20061130062853.GM17888@lupe-christoph.de>
References: <[🔎] 20061130062853.GM17888@lupe-christoph.de>

Hi,

> The attacks ceased before I noticed, so I was not able to capture a TCP
> stream. I would just like to alert people that there is still some
> vulnerability in the ProFTPD code that was not fixed by DSA-1218-1.

yes, there are two open vulnerabilites in proftpd. A DSA should be in the
works, but I don't know the current status.

One is CVE-2006-5815 and the other is a mod_tls vulnerability without CVE
id yet. AFAIK there is no exploit for sarge's 1.2.x for CVE-2006-5815 yet.
So I would expect this to be the mod_tls vulnerability. Do you have
mod_tls enabled? Try connecting to your server with telnet and enter FEAT
and see whether it returns AUTH TLS.

There is a thread about this at
http://lists.alioth.debian.org/pipermail/secure-testing-team/2006-November/000972.html


NOTE: Users of etch/sid should upgrade to 1.3.0-16 *NOW*.

Cheers,
Stefan

Reply to:

Follow-Ups:
- Re: ProFTPD still vulnerable (Sarge)
  - From: Lupe Christoph <" <lupe@lupe-christoph.de>"@murphy.debian.org>
- Re: ProFTPD still vulnerable (Sarge)
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: ProFTPD still vulnerable (Sarge)
  - From: Neil McGovern <neilm@debian.org>

References:
- ProFTPD still vulnerable (Sarge)
  - From: lupe@lupe-christoph.de (Lupe Christoph)

Prev by Date: Re: ProFTPD still vulnerable (Sarge)
Next by Date: Re: ProFTPD still vulnerable (Sarge)
Previous by thread: Re: ProFTPD still vulnerable (Sarge)
Next by thread: Re: ProFTPD still vulnerable (Sarge)
Index(es):
- Date
- Thread