suse-security@fortytwo.ch (Adrian von Bidder) writes:
acidrain@HACKBOX.COM posted a proftpd exploit (buffer overflow, it seems) some days ago (27.8.). Does somebody know if the proFTPd releases used in SuSE 6.0/6.1/6.2 are vulnerable to this? Is there a new rpm that is not vulnerable?
There seems to be no rpm yet, but a new version is available. It is not stated on the site yet, but on the ProFTPD mailing list version 1.2.0pre4 was announced, which fixes the bug that was mailed to Bugtraq this weekend.

<snip from "MacGyver" <macgyver@tos.net> >
Until then, I'm announcing ProFTPD 1.2.0pre4 -- this fixes the bug announced on BUGTRAQ, as well as addresses (hopefully) all the sprintf-style buffer overruns in ProFTPD. Please download, test, and knock it around. I suspect this version will still fail on FreeBSD (anyone care to offer up an account for me on a FreeBSD system to test on?).

You may get 1.2.0pre4 at ftp://ftp.tos.net/pub/proftpd/.
</snip>

The problem is that I get a lot of errors when I try to compile the package under SuSE 6.2. :-(

Regards,
Jochen
--
*** Linux BBS: The German website for Linux news and info ***
http://www.linuxbbs.org/