Date: Wed, 29 Nov 2006 11:29:07 GMT
From: Matus UHLAR - fantomas <uhlar@fantomas.sk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/106007: proftpd security bugs
Message-ID: <200611291129.kATBT7w4028925@www.freebsd.org>
Resent-Message-ID: <200611291130.kATBUFl3016061@freefall.freebsd.org>

>Number: 106007
>Category: ports
>Synopsis: proftpd security bugs
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Nov 29 11:30:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Matus UHLAR - fantomas
>Release: 4.11
>Organization: GTS Nextra a.s.
>Environment:
FreeBSD w01 4.11-RELEASE-p18 FreeBSD 4.11-RELEASE-p18 #7: Fri Jun 2 10:25:29 CEST 2006 root@w01:/shared1/rw/os/FreeBSD/i386/obj/RELENG_4_11/shared1/rw/os/FreeBSD/i386/src/RELENG_4_11/sys/i686_SP i386
>Description:
Two ProFTPD bugs were reported recently (besides the one fixed in bug 105510):

http://secunia.com/advisories/22803/
ProFTPD "sreplace()" Buffer Overflow Vulnerability
- http://bugs.proftpd.org/show_bug.cgi?id=2858
- ProFTP 1.0.3a was released due to this error

http://secunia.com/advisories/23141/
ProFTPD mod_tls Buffer Overflow Vulnerability
- http://bugs.proftpd.org/show_bug.cgi?id=2860
>How-To-Repeat:
>Fix:
The first can be fixed by using the patch
http://proftp.cvs.sourceforge.net/proftp/proftpd/src/support.c?r1=1.78&r2=1.80&view=patch&sortby=date
(against the proftpd-1.3.0 release, not the "previous" version mentioned in proftpd bug 2858) or by upgrading to proftpd-1.3.0a.

The second can be fixed by
http://bugs.proftpd.org/attachment.cgi?id=2548&action=view
>Release-Note:
>Audit-Trail:
>Unformatted: