Package name
Advisory ID
Affected versions
7.2 i586

Problem description

The ProFTPD FTP server has problems with memory leaking that could be used in a DoS attack, as reported by Wojciech Purczynski. A memory leak will happen every time a SIZE command was given provided that the scoreboard file is not writable, which is not the case in a default Linux-Mandrake installation. A similar problem also existed with the USER command where every time it was given the server would use more memory. Additionally, some format string vulnerabilities were reported by Przemyslaw Frasunek which have also been fixed.

Updated packages

7.2 i586

 a2e330bd49855d74bfbb2f1e80c3e312  7.2/RPMS/proftpd-1.2.0rc3-1.1mdk.i586.rpm
3ec2a5ee6b834e1193de5e3b738eaa53  7.2/SRPMS/proftpd-1.2.0rc3-1.1mdk.src.rpm