Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20061204151351-dd049-31590dc17b24a4cad28d0ed2b4cb7f280ff2efa3.gz;
[FSA61-proftpd voroskoi <[EMAIL PROTECTED]>**20061204151351] { hunk ./frugalware/xml/security.xml 29 + <fsa> + <id>61</id> + <date>2006-12-04</date> + <author>voroskoi</author> + <package>proftpd</package> + <vulnerable>1.3.0-2siwenna1</vulnerable> + <unaffected>1.3.0-3siwenna1</unaffected> + <bts>http://bugs.frugalware.org/task/1461</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815</cve> + <desc>Evgeny Legerov has reported a vulnerability in ProFTPD, which potentially can be exploited by malicious user's to compromise a vulnerable system. + The vulnerability is caused due to an off-by-one error within the "sreplace()" function in src/support.c. This can be exploited to cause a buffer overflow by e.g. uploading a malicious ".message" file or sending specially crafted commands to the server. + Successful exploitation may allow execution of arbitrary code.</desc> + </fsa> } _______________________________________________ Frugalware-darcs mailing list Frugalware-darcs@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-darcs