[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-security
Subject:    Re: ProFTPD ASCII File Remote Compromise Vulnerability
From:       Sven Hoexter <sven () timegate ! de>
Date:       2003-09-24 12:13:53
[Download RAW message or body]

On Tue, Sep 23, 2003 at 04:26:14PM -0400, Matt Zimmerman wrote:
> On Tue, Sep 23, 2003 at 02:45:24PM -0500, Bender, Jeff wrote:

Hi,

> > Looking for the Debian Woody patch.  Anyone know if it is available or if
> > this version is exploitable?
> 
> According to the maintainer, the version in woody is not affected by this
> bug.
Quoting TJ Saunders from
http://sourceforge.net/mailarchive/forum.php?thread_id=3173947&forum_id=2637
========================================================================
byg>BTW, How about version prior 1.2.7?
 
They are believed to not have this bug.  I would recommend upgrading to
one of the patched releases, just to be certain.
 
TJ
=========================================================================
Hmmm that's why I hate advisorys without PoC Code or detailed descriptions.

diffing the source code might help ...

Sven
-- 
http://www.comboguano.de
http://sven.linux-ist-pleite.de
I'm root, if you see me laughing you better have a backup!


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

[prev in list] [next in list] [prev in thread] [next in thread]