Mark, > I have validated this issue. The interesting thing is that when you > attempt to execute the sequence to evoke the bug under a windows ftp > client, the proftpd process fails to crash. However, when a unix ftp > client is used, the proftpd process does indeed crash. > > We are researching exactly why this is the case. I expect that shortly > after 1:00pm EST today (Thursday) we will have a better idea of when we > can have a patch. (That's California-arrive-at-work-time :-). > > I will spend the morning attempting to see if this can be exploited > maliciously. Expect a post later today.
That's great :-) Thanks for the great response. Regards, Jonathan Michaelson _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
