I'm suddenly unsure if I'm running a micro$oft product... I'm patching left and right...
I'm not sure if patching is the proper conduct... Or if I should just throw in a match and ignight! grrrr my .2 C TD ----- Original Message ----- From: "Michael Stauber" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 23, 2003 12:28 PM Subject: [good] [cobalt-security] Vulnerability in ProFTPD > Hi all, > > this seems to be the the week of vulnerabilities. First OpenSSH, then > Sendmail, then ModSSL and now ProFTPd. :o( > > For more information about the ProFTPd issue see this URL: > > http://securityfocus.com/archive/1/338687/2003-09-20/2003-09-26/0 > > Small sample: > > Synopsis: > > ISS X-Force has discovered a flaw in the ProFTPD Unix FTP server. ProFTPD > is a highly configurable FTP (File Transfer Protocol) server for Unix > that allows for per-directory access restrictions, easy configuration of > virtual FTP servers, and support for multiple authentication mechanisms. > A flaw exists in the ProFTPD component that handles incoming ASCII file > transfers. > > Impact: > > An attacker capable of uploading files to the vulnerable system can > trigger a buffer overflow and execute arbitrary code to gain complete > control of the system. Attackers may use this vulnerability to destroy, > steal, or manipulate data on vulnerable FTP sites. > > Affected Versions: > > ProFTPD 1.2.7 > ProFTPD 1.2.8 > ProFTPD 1.2.8rc1 > ProFTPD 1.2.8rc2 > ProFTPD 1.2.9rc1 > ProFTPD 1.2.9rc2 > > Note: Versions previous to version 1.2.7 may also be vulnerable. > > For the complete ISS X-Force Security Advisory, please visit: > http://xforce.iss.net/xforce/alerts/id/154 > > -- > > With best regards, > > Michael Stauber > > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
