Package name
Advisory ID
Affected versions
8.1 i586, 8.0 i586, 8.1 i586, 7.2 i586, 8.0 i586

Problem description

Matthew S. Hallacy discovered that ProFTPD was not forward resolving reverse-resolved hostnames. A remote attacker could exploit this to bypass ProFTPD access controls or have false information logged. Frank Denis discovered that a remote attacker could send malicious commands to the ProFTPD server and it would force the process to consume all CPU and memory resources available to it. This DoS vulnerability could bring the server down with repeated attacks. Finally, Mattias found a segmentation fault problem that is considered by the developers to be unexploitable.
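
The first issue above is a missing forward confirmation of a reverse DNS result. As an added example (not ProFTPD's code), the following Python shows the check an access-control layer performs before trusting a PTR name; the function names, the injectable resolver callables and the sample DNS data are assumptions constructed for illustration.

```python
import ipaddress
import socket


def _system_reverse(ip):
    """PTR lookup via the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def _system_forward(hostname):
    """A/AAAA lookup via the system resolver; set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()


def confirmed_hostname(ip, reverse=_system_reverse, forward=_system_forward):
    """Return the PTR name for ip only if it resolves forward to the same ip.

    None means "no verified name": match ACLs and write logs using the
    IP address, never the unverified name.
    """
    peer = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return None
    name = name.rstrip(".").lower()
    for addr in forward(name):
        try:
            if ipaddress.ip_address(addr) == peer:
                return name
        except ValueError:
            continue  # resolver returned something that is not an address
    return None


# Constructed sample data (documentation address ranges, not real hosts).
# The PTR for 203.0.113.7 claims a name whose forward record points elsewhere.
PTR = {"198.51.100.10": "ftp-client.example.org.", "203.0.113.7": "trusted.example.org."}
A = {"ftp-client.example.org": {"198.51.100.10"}, "trusted.example.org": {"198.51.100.20"}}


def demo():
    lookup = dict(reverse=PTR.get, forward=lambda h: A.get(h, set()))
    return {ip: confirmed_hostname(ip, **lookup) for ip in ("198.51.100.10", "203.0.113.7", "192.0.2.1")}
```
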

Updated packages

8.1 i586

d4b9c58e224cbc878c155dde708d9e11  8.1/RPMS/proftpd-1.2.5-0.rc1.1mdk.i586.rpm
bd96b79efd19cd75a575bbbaddb470ca  8.1/SRPMS/proftpd-1.2.5-0.rc1.1mdk.src.rpm

8.0 i586

23615350724cd39e1f2bbe1e96a646bd  8.0/RPMS/proftpd-1.2.5-0.rc1.1mdk.i586.rpm
bd96b79efd19cd75a575bbbaddb470ca  8.0/SRPMS/proftpd-1.2.5-0.rc1.1mdk.src.rpm

8.1 i586

95fb66a24145dc07593c01f7ea487505  ia64/8.1/RPMS/proftpd-1.2.5-0.rc1.2mdk.ia64.rpm
dca5b53c1cf01c5354dd0d88451a3115  ia64/8.1/SRPMS/proftpd-1.2.5-0.rc1.2mdk.src.rpm

7.2 i586

7250ef2a6f2f71eb3e028920834ec093  7.2/RPMS/proftpd-1.2.5-0.rc1.1.2mdk.i586.rpm
0d8ef514ea6bf73168e29e206eb01a64  7.2/SRPMS/proftpd-1.2.5-0.rc1.1.2mdk.src.rpm

8.0 i586

427f4e7c110036c630bf91cc21140826  ppc/8.0/RPMS/proftpd-1.2.5-0.rc1.1mdk.ppc.rpm
bd96b79efd19cd75a575bbbaddb470ca  ppc/8.0/SRPMS/proftpd-1.2.5-0.rc1.1mdk.src.rpm