*** This bug is a duplicate of bug 674798 ***
https://bugs.launchpad.net/bugs/674798
This bug was fixed in the package proftpd-dfsg - 1.3.2c-1ubuntu0.1
---------------
proftpd-dfsg (1.3.2c-1ubuntu0.1) lucid-security; urgency=low
* SECURITY UPDATE: Telnet IAC processing stack overflow.
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of ProFTPD. Authentication is not required to
exploit this vulnerability.
(LP: #674646)
- debian/patches/3521.patch: adjust src/netio.c to check buflen properly.
- http://bugs.proftpd.org/attachment.cgi?id=3521
- CVE-2010-4221
* SECURITY UPDATE: Inappropriate directory traversal allowed by
mod_site_misc. This vulnerability can be used to:
- create a directory located outside the writable directory
- delete a directory located outside the writable directory
- create a symlink located outside the writable directory
- change the time of a file located outside the writable directory.
(LP: #674798)
- debian/patches/CVE_2010_3867.dpatch: based on debian 3519.dpatch
backported to v1.3.2
- http://bugs.proftpd.org/attachment.cgi?id=3519
- CVE-2010-3867
-- Neil Wilson <[email protected]> Sat, 13 Nov 2010 11:51:28 +0000
** Changed in: proftpd-dfsg (Ubuntu)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4221
--
Telnet IAC processing stack overflow
https://bugs.launchpad.net/bugs/674646
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
