Re: ProFTPD still vulnerable (Sarge)
On Thursday, 2006-11-30 at 13:49:44 +0100, Stefan Fritsch wrote:
> Oh, that's bad. You don't have ftps enabled explicitly either?
No, just plain ftp.
> This probably means that there is at least some exploit to DoS sarge's 1.2.x.
As I said, the FTP access from "outside" is disabled now. So I can't
test without mod_delay, and can't check if this is distinct from the
effect described in 308313 and 301275. But I doubt that.
> >> There is a thread about this at
> >> http://lists.alioth.debian.org/pipermail/secure-testing-team/2006-November/000972.html
> > CVE-2006-5815: "Buffer overflow in ProFTPD 1.3.0 and earlier, when
> > configured to use the CommandBufferSize directive ...". This directive
> > is not in the default Debian Config file, I believe, and it isn't in the
> > one on that machine.
> This description is wrong. There was some confusion about what
> CVE-2006-5815 is. It is really about a flaw in sreplace(). There is more
> info about this confusion later in the thread above, e.g.
> http://lists.alioth.debian.org/pipermail/secure-testing-team/2006-November/000990.html
> or at
> http://bugs.proftpd.org/show_bug.cgi?id=2858
> The CommandBufferSize issue was fixed by DSA-1218-1.
CommandBufferSize isn't used, so it couldn't be that in any case.
Lupe Christoph
--
| You know we're sitting on four million pounds of fuel, one nuclear |
| weapon and a thing that has 270,000 moving parts built by the lowest |
| bidder. Makes you feel good, doesn't it? |
| Rockhound in "Armageddon", 1998, about the Space Shuttle |
Reply to: