Package: linux-ftpd-ssl
Version: 0.17.18+0.3-3sarge1
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for linux-ftpd-ssl.

CVE-2007-6263[0]:
| The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17,
| when certain modifications to support SSL have been introduced, calls
| fclose on an uninitialized file stream, which allows remote attackers
| to cause a denial of service (daemon crash) and possibly have
| unspecified other impact via some types of FTP over SSL protocol
| behavior, as demonstrated by breaking a passive FTP DATA connection in
| a way that triggers an error in the server's SSL_accept function.
| NOTE: the netkit ftp issue is covered by CVE-2007-5769.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6263

Kind regards
Nico

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
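An added example, not part of the original report and not netkit ftpd code: a C sketch of the error path the CVE text describes, where the handshake fails before any stdio stream exists, so cleanup must close the descriptor rather than call fclose on a stream that was never assigned. The names handshake_stub, data_stream_open, fd_is_open and demo, and the pipe used as a stand-in data connection, are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-in for the TLS handshake on the data connection:
 * returns 1 on success and a value <= 0 on failure. */
static int handshake_stub(int fd, int force_fail)
{
    (void)fd;
    return force_fail ? -1 : 1;
}

/* Wrap an accepted data descriptor in a stdio stream. The stream pointer
 * starts as NULL, and on failure only the resource that exists (the
 * descriptor) is released, exactly once. */
FILE *data_stream_open(int fd, const char *mode, int force_fail)
{
    FILE *file = NULL;

    if (handshake_stub(fd, force_fail) <= 0) {
        /* No stream has been created yet: fclose(file) here would act on
         * an unassigned pointer, so release the descriptor instead. */
        close(fd);
        return NULL;
    }
    file = fdopen(fd, mode);
    if (file == NULL)
        close(fd);
    return file;    /* on success the stream owns fd */
}

int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Constructed scenario: a pipe end plays the data connection.
 * Returns 1 when the descriptor ends up closed with no leak. */
int demo(int force_fail)
{
    int p[2], ok;
    if (pipe(p) != 0) return -1;
    FILE *f = data_stream_open(p[0], "r", force_fail);
    if (force_fail) {
        ok = (f == NULL) && !fd_is_open(p[0]);
    } else {
        ok = (f != NULL) && fd_is_open(p[0]);
        if (f) fclose(f);
        ok = ok && !fd_is_open(p[0]);
    }
    close(p[1]);
    return ok;
}

int main(void) { printf("%d %d\n", demo(1), demo(0)); return 0; }
```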

