>Although I have all the security patches in place, >including the 'Security: proftpd Update 1.0.1' >they got in using 'SDI linux remote exploit >for ProFTP'
Just out of curiosity, don't you need to be running anonymous ftp for this exploit to work? I just checked Security Focus and it says "SDI anonymous remote exploit for proftpd". From what I can gather, it says they first need "permission to download a file (like welcome.msg or README)." Not that this isn't a serious issue, but if anonymous FTP isn't turned on, I don't think it would be so easy to exploit (unless of course a user decides to try). Please correct me if I'm wrong. http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=27450 Barbara __________________________________________________ Do You Yahoo!? Listen to your Yahoo! Mail messages from any phone. http://phone.yahoo.com _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
