Paketname
proftpd
Datum
2003-12-31
Advisory ID
MDKSA-2003:095-1
Betroffene Versionen
9.2 i586 , 9.1 i586 , 9.1 i586 , 9.2 amd64

Problembeschreibung

A vulnerability was discovered by X-Force Research at ISS in ProFTPD's handling of ASCII translation. An attacker, by downloading a carefully crafted file, can remotely exploit this bug to create a root shell. The ProFTPD team encourages all users to upgrade to version 1.2.7 or higher. The problematic code first appeared in ProFTPD 1.2.7rc1, and the provided packages are all patched by the ProFTPD team to protect against this vulnerability. Update: The previous update had a bug where the new packages would terminate with a SIGNAL 11 when the command "NLST -alL" was performed in certain cases, such as if the size of the output of the command was greater than 1024 bytes. These updated packages have a fix applied to prevent this crash.

Aktualisierte Pakete

9.2 i586

 617b0c84327b2afbd6675e6acaa7bbcd  9.2/RPMS/proftpd-1.2.8-5.2.92mdk.i586.rpm
ddabaf53095a796e651a9e01d086233d  9.2/RPMS/proftpd-anonymous-1.2.8-5.2.92mdk.i586.rpm
0b5d0c9796ab76e543870a6d6e6eb9ea  9.2/SRPMS/proftpd-1.2.8-5.2.92mdk.src.rpm

9.1 i586

 2b2a2063166a572d4d31cb3e3d056c67  ppc/9.1/RPMS/proftpd-1.2.8-1.2.91mdk.ppc.rpm
9d0ecbc3a8a8c815213503c9e1f01c4d  ppc/9.1/RPMS/proftpd-anonymous-1.2.8-1.2.91mdk.ppc.rpm
16e30f6aebccc65af15f5a5a306a3796  ppc/9.1/SRPMS/proftpd-1.2.8-1.2.91mdk.src.rpm

9.1 i586

 986257995c1d51896466b4f7e00845e4  9.1/RPMS/proftpd-1.2.8-1.2.91mdk.i586.rpm
2d5a537ca3e78399de428bb8ecace8de  9.1/RPMS/proftpd-anonymous-1.2.8-1.2.91mdk.i586.rpm
16e30f6aebccc65af15f5a5a306a3796  9.1/SRPMS/proftpd-1.2.8-1.2.91mdk.src.rpm

9.2 amd64

 fa8be3631de1d31611fa2c495300d1b8  amd64/9.2/RPMS/proftpd-1.2.8-5.2.92mdk.amd64.rpm
b9ef046d841cf664bfa6799446f2989d  amd64/9.2/RPMS/proftpd-anonymous-1.2.8-5.2.92mdk.amd64.rpm
0b5d0c9796ab76e543870a6d6e6eb9ea  amd64/9.2/SRPMS/proftpd-1.2.8-5.2.92mdk.src.rpm

Referenzen