Re: Bug proftpd

Lombardo Federico wrote:
> Volevo segnalare che da ieri è disponibile una nuova versione i proftpd che
> risolver un grave problema di remote exploit.
>
> Avviso in mailing perchè non ho visto ancora nessun advisor nei canali
> classici (securityfocus etc. etc.).

Da proftpd.org:

X-Force Research Discovers Remote Exploit
[23/Sep/2003]

X-Force Research at ISS has discovered a remote exploit in ProFTPD's 
handling of ASCII translations that an attacker, by downloading a 
carefully crafted file, can exploit and gain a root shell.

The source distributions on ftp.proftpd.org have all been replaced with 
patched versions. All ProFTPD users are strongly urged to upgrade to one 
of the patched versions as soon as possible.

The ProFTPD Project team would like to heartily thank the X-Force 
engineers for the responsible and professional way in which they 
reported the vulnerability, and worked with the ProFTPD Project team to 
address the issue.

Per gli utenti slackware:

WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/proftpd-1.2.8p-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/proftpd-1.2.8p-i386-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/proftpd-1.2.8p-i486-1.tgz

--
Paolo Radice
Amministrazione dei sistemi / Sviluppo software
BUSINET - Tecnologia per il tuo business.
_______________________________________________

email: paolo.radice@xxxxxxxxxx
videofonino: 392.0998310
_______________________________________________

web: www.businet.it
supporto: 199.763643



________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List