MDKSA-2003:095-1
- Package name
- proftpd
- Date
- 2003-12-31
- Advisory ID
- MDKSA-2003:095-1
- Affected versions
- 9.2 i586 , 9.1 i586 , 9.1 i586 , 9.2 amd64
Problem description
A vulnerability was discovered by X-Force Research at ISS in ProFTPD's handling of ASCII translation. An attacker, by downloading a carefully crafted file, can remotely exploit this bug to create a root shell. The ProFTPD team encourages all users to upgrade to version 1.2.7 or higher. The problematic code first appeared in ProFTPD 1.2.7rc1, and the provided packages are all patched by the ProFTPD team to protect against this vulnerability. Update: The previous update had a bug where the new packages would terminate with a SIGNAL 11 when the command "NLST -alL" was performed in certain cases, such as if the size of the output of the command was greater than 1024 bytes. These updated packages have a fix applied to prevent this crash.
Updated packages
9.2 i586
617b0c84327b2afbd6675e6acaa7bbcd 9.2/RPMS/proftpd-1.2.8-5.2.92mdk.i586.rpm ddabaf53095a796e651a9e01d086233d 9.2/RPMS/proftpd-anonymous-1.2.8-5.2.92mdk.i586.rpm 0b5d0c9796ab76e543870a6d6e6eb9ea 9.2/SRPMS/proftpd-1.2.8-5.2.92mdk.src.rpm
9.1 i586
2b2a2063166a572d4d31cb3e3d056c67 ppc/9.1/RPMS/proftpd-1.2.8-1.2.91mdk.ppc.rpm 9d0ecbc3a8a8c815213503c9e1f01c4d ppc/9.1/RPMS/proftpd-anonymous-1.2.8-1.2.91mdk.ppc.rpm 16e30f6aebccc65af15f5a5a306a3796 ppc/9.1/SRPMS/proftpd-1.2.8-1.2.91mdk.src.rpm
9.1 i586
986257995c1d51896466b4f7e00845e4 9.1/RPMS/proftpd-1.2.8-1.2.91mdk.i586.rpm 2d5a537ca3e78399de428bb8ecace8de 9.1/RPMS/proftpd-anonymous-1.2.8-1.2.91mdk.i586.rpm 16e30f6aebccc65af15f5a5a306a3796 9.1/SRPMS/proftpd-1.2.8-1.2.91mdk.src.rpm
9.2 amd64
fa8be3631de1d31611fa2c495300d1b8 amd64/9.2/RPMS/proftpd-1.2.8-5.2.92mdk.amd64.rpm b9ef046d841cf664bfa6799446f2989d amd64/9.2/RPMS/proftpd-anonymous-1.2.8-5.2.92mdk.amd64.rpm 0b5d0c9796ab76e543870a6d6e6eb9ea amd64/9.2/SRPMS/proftpd-1.2.8-5.2.92mdk.src.rpm