[Bug 327] ProFTPD-1.2.8p

Dan Osterrath do3 at mail.inf.tu-dresden.de
Fri Sep 26 06:43:53 PDT 2003

Am Freitag, 26. September 2003 15:16 schrieb blfs-bugs at linuxfromscratch.org:
> "X-Force Research at ISS has discovered a remote exploit in ProFTPD's
> handling of ASCII translations that an attacker, by downloading a carefully
> crafted file, can exploit and gain a root shell.
> The source distributions on ftp.proftpd.org have all been replaced with
> patched versions. All ProFTPD users are strongly urged to upgrade to one of
> the patched versions as soon as possible."

Probably this should also go to LFS.security as some might not read BLFS.book.

%> ln -s /dev/null /dev/brain
%> ln -s /dev/urandom /dev/world
%> dd if=/dev/world of=/dev/brain
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://lists.linuxfromscratch.org/pipermail/lfs-security/attachments/20030926/e6574794/attachment.sig>

More information about the lfs-security mailing list