Package: proftpd
Version: 1.3.0-19etch1
Severity: normal

The ProFTP TLS/SSL module does not handle RFC 4346 correctly!
So the connection can be vulnerable to spoofed FIN packets.

See the following addresses:
http://forum.filezilla-project.org/viewtopic.php?f=2&t=7688

The bug report and a fix are available on
http://bugs.proftpd.org/show_bug.cgi?id=2753

Hope that this can be fixed in the stable release!

Thanks,
Thomas

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (900, 'stable'), (90, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-4-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages proftpd depends on:
ii  adduser              3.102               Add and remove users and groups
ii  debconf              1.5.11etch2         Debian configuration management sy
ii  debianutils          2.17                Miscellaneous utilities specific t
ii  libacl1              2.2.41-1            Access control list shared library
ii  libattr1             2.4.32-1            Extended attribute shared library
ii  libc6                2.3.6.ds1-13etch7   GNU C Library: Shared libraries
ii  libldap2             2.1.30-13.3         OpenLDAP libraries
ii  libmysqlclient15off  5.0.32-7etch6       mysql database client library
ii  libncurses5          5.5-5               Shared libraries for terminal hand
ii  libpam-runtime       0.79-5              Runtime support for the PAM librar
ii  libpam0g             0.79-5              Pluggable Authentication Modules l
ii  libpq4               8.1.11-0etch1       PostgreSQL C client library
ii  libssl0.9.8          0.9.8c-4etch3       SSL shared libraries
ii  libwrap0             7.6.dbs-13          Wietse Venema's TCP wrappers libra
ii  netbase              4.29                Basic TCP/IP networking system
ii  perl                 5.8.8-7etch3        Larry Wall's Practical Extraction
ii  ucf                  2.0020              Update Configuration File: preserv
ii  zlib1g               1:1.2.3-13          compression library - runtime

proftpd recommends no packages.

-- debconf information excluded

