MDKSA-2003:095

Package name

proftpd

Date

2003-09-26

Advisory ID

MDKSA-2003:095

Affected versions

9.2 i586 , 9.1 i586 , 9.1 i586

Problem description

A vulnerability was discovered by X-Force Research at ISS in ProFTPD's handling of ASCII translation. An attacker, by downloading a carefully crafted file, can remotely exploit this bug to create a root shell. The ProFTPD team encourages all users to upgrade to version 1.2.7 or higher. The problematic code first appeared in ProFTPD 1.2.7rc1, and the provided packages are all patched by the ProFTPD team to protect against this vulnerability.

Updated packages

9.2 i586

 1d9b21bcb2a18fa43158c0c0aa25d13d  9.2/RPMS/proftpd-1.2.8-5.1.92mdk.i586.rpm
80c5b73c6e33444e2dd91659c2b897bd  9.2/RPMS/proftpd-anonymous-1.2.8-5.1.92mdk.i586.rpm
ea89351b37a5572fac3f45b27a80b0f3  9.2/SRPMS/proftpd-1.2.8-5.1.92mdk.src.rpm

9.1 i586

 280ff4f9b4bcf64f4ad5dac03e166113  ppc/9.1/RPMS/proftpd-1.2.8-1.1.91mdk.ppc.rpm
ab5f599256e4587e22258821a7854221  ppc/9.1/RPMS/proftpd-anonymous-1.2.8-1.1.91mdk.ppc.rpm
cc47eb3dd724eb5a7570e4571b173d6b  ppc/9.1/SRPMS/proftpd-1.2.8-1.1.91mdk.src.rpm

9.1 i586

 7ad667bd30ee6a26daa8bb4db6d5d8eb  9.1/RPMS/proftpd-1.2.8-1.1.91mdk.i586.rpm
df578f06c818a862ed641124747f90ff  9.1/RPMS/proftpd-anonymous-1.2.8-1.1.91mdk.i586.rpm
cc47eb3dd724eb5a7570e4571b173d6b  9.1/SRPMS/proftpd-1.2.8-1.1.91mdk.src.rpm

References

• http://xforce.iss.net/xforce/alerts/id/154
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0831