I have just confirmed this bug using the command from the Debian Bug
linked in this report.

    perl -e 'print "A"x1022,"QUIT\n"' | nc localhost 21

I checked this against a fully updated Hardy Heron 8.04 LTS system
running ProFTPD 1.3.1-6ubuntu1.

If the command above prints out "Goodbye", then the version of ProFTPD
is vulnerable.

** Changed in: proftpd-dfsg (Ubuntu)
Status: Invalid => Confirmed
--
ProFTPD in Hardy vulnerable to CVE-2008-4242
https://bugs.launchpad.net/bugs/310949
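
Added example, not part of the original report and not ProFTPD code: a small Python model of why the test input above separates the two behaviours. CVE-2008-4242 concerns an overlong command being interpreted as several commands, so a reader that splits the line sees the trailing QUIT as its own command, while a reader that rejects the whole line does not.
Assumptions: the 1022-byte limit is chosen only to line up with the padding in the report, and the function names and the 500 reply texts are constructed for illustration.

```python
# Model of an FTP command reader fed the report's test input.
# Illustrative only: MAX_CMD and the 500 reply texts are assumptions.

MAX_CMD = 1022  # assumed per-command limit, matched to the report's padding

# The bytes the perl one-liner in the report sends (reconstructed here).
TEST_INPUT = b"A" * 1022 + b"QUIT\n"


def flawed_reader(stream, max_cmd=MAX_CMD):
    """Splits an overlong line into chunks and treats each chunk as a
    separate command, so the tail of the line gets executed."""
    cmds = []
    for line in stream.split(b"\n"):
        line = line.rstrip(b"\r")
        while line:
            cmds.append(line[:max_cmd])
            line = line[max_cmd:]
    return cmds


def strict_reader(stream, max_cmd=MAX_CMD):
    """Rejects an overlong line as a whole (None) and discards everything
    up to the newline, so no part of it is parsed as a command."""
    cmds = []
    for line in stream.split(b"\n"):
        line = line.rstrip(b"\r")
        if line:
            cmds.append(line if len(line) <= max_cmd else None)
    return cmds


def replies(cmds):
    """Map parsed commands to reply lines (only QUIT is modelled)."""
    out = []
    for cmd in cmds:
        if cmd is None:
            out.append("500 Command line too long")   # constructed text
        elif cmd.upper() == b"QUIT":
            out.append("221 Goodbye.")
        else:
            out.append("500 Command not understood")  # constructed text
    return out


def looks_vulnerable(reply_lines):
    """The report's criterion: the test input must not yield 'Goodbye'."""
    return any("Goodbye" in r for r in reply_lines)


if __name__ == "__main__":
    for reader in (flawed_reader, strict_reader):
        got = replies(reader(TEST_INPUT))
        print(reader.__name__, got, "vulnerable:", looks_vulnerable(got))
```
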