Darcsweb-Url:
http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20061204151351-dd049-31590dc17b24a4cad28d0ed2b4cb7f280ff2efa3.gz;
[FSA61-proftpd
voroskoi <[EMAIL PROTECTED]>**20061204151351] {
hunk ./frugalware/xml/security.xml 29
+ <fsa>
+ <id>61</id>
+ <date>2006-12-04</date>
+ <author>voroskoi</author>
+ <package>proftpd</package>
+ <vulnerable>1.3.0-2siwenna1</vulnerable>
+ <unaffected>1.3.0-3siwenna1</unaffected>
+ <bts>http://bugs.frugalware.org/task/1461</bts>
+
<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815</cve>
+ <desc>Evgeny Legerov has reported a vulnerability in ProFTPD,
which potentially can be exploited by malicious user's to compromise a
vulnerable system.
+ The vulnerability is caused due to an off-by-one error
within the "sreplace()" function in src/support.c. This can be exploited to
cause a buffer overflow by e.g. uploading a malicious ".message" file or
sending specially crafted commands to the server.
+ Successful exploitation may allow execution of
arbitrary code.</desc>
+ </fsa>
}
_______________________________________________
Frugalware-darcs mailing list
Frugalware-darcs@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-darcs
