On Thu, Dec 16, 2010 at 09:40:59AM +0100, Sander Klein wrote:
> Package: proftpd
> Version: 1.3.1-17lenny4
> Severity: important
>
> It seems that you can force proftp in a denial of service situation. I think
> it is related to CVE-2010-3867.
>
> Proftpd doesn't seem to be vulnerable to the exploit, most likely since I
> do not have mod_site_misc module enabled but it does start to eat a lot
> of cpu time and makes the server unusable.
>
> Backporting and upgrading to the latest version in testing fixes this
> problem.
>

It is known, I will prepare a fix for next point release, because secteam judged it of minor impact.

-- 
Francesco P. Lovergine

