Hi all,

this seems to be the week of vulnerabilities. First OpenSSH, then Sendmail, then ModSSL and now ProFTPd. :o(

For more information about the ProFTPd issue see this URL:

http://securityfocus.com/archive/1/338687/2003-09-20/2003-09-26/0

Small sample:

Synopsis:

ISS X-Force has discovered a flaw in the ProFTPD Unix FTP server. ProFTPD is a highly configurable FTP (File Transfer Protocol) server for Unix that allows for per-directory access restrictions, easy configuration of virtual FTP servers, and support for multiple authentication mechanisms. A flaw exists in the ProFTPD component that handles incoming ASCII file transfers.

Impact:

An attacker capable of uploading files to the vulnerable system can trigger a buffer overflow and execute arbitrary code to gain complete control of the system. Attackers may use this vulnerability to destroy, steal, or manipulate data on vulnerable FTP sites.

Affected Versions:

ProFTPD 1.2.7
ProFTPD 1.2.8
ProFTPD 1.2.8rc1
ProFTPD 1.2.8rc2
ProFTPD 1.2.9rc1
ProFTPD 1.2.9rc2

Note: Versions previous to version 1.2.7 may also be vulnerable.

For the complete ISS X-Force Security Advisory, please visit:

http://xforce.iss.net/xforce/alerts/id/154

--
With best regards,

Michael Stauber
