[BlueOnyx:02211] Re: Possible ProFTPD vuln?
Billing - Precision Web Hosting, Inc
kenlists at precisionweb.net
Wed Aug 26 11:03:31 -05 2009
----- Original Message -----
From: "Michael Stauber" <mstauber at blueonyx.it>
To: "BlueOnyx General Mailing List" <blueonyx at blueonyx.it>
Sent: Wednesday, August 26, 2009 7:13 AM
Subject: [BlueOnyx:02207] Re: Possible ProFTPD vuln?
> Hi DD,
>
>> I received this from McAfee Secure this morning - they scan one of our
>> client's websites:
>>
>> ---- 8< ----
>> The remote host is using ProFTPD, a free FTP server for Unix and Linux.
>> The version of ProFTPD running on the remote host splits an overly long FTP
>> command into a series of shorter ones and executes each in turn. If an
>> attacker can trick a ProFTPD administrator into accessing a
>> specially-formatted HTML link, he may be able to cause arbitrary FTP
>> commands to be executed in the context of the affected application with the
>> administrator's privileges.
>>
>> Apply the patch included in the bug report or upgrade to the latest version
>> in CVS. Fix is available on cvs:
>> http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c
>> http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/extern.h
>> http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y
>> ---- >8 ----
>>
>> Is this already available/pending as part of a YUM update?
>
> BlueOnyx uses ProFTPd 1.3.2a, which is the latest version of ProFTPd. It was
> released by proftpd.org on 30th June 2009.
>
> The SVN commits that your message mentions were made 11 months ago.
>
> So yeah, these updates are already included in "our" ProFTPd.
>
> --
> With best regards
>
> Michael Stauber
>
Try adding this to your /etc/proftpd.conf, within your <Global> container:

    ServerIdent off

Then have them rescan.
Ken Marcus
Precision Web Hosting, Inc.
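Added example, not code from Ken's post, from BlueOnyx or from ProFTPD itself: the script below shows what a banner-based scanner sees before and after ServerIdent off, by reading the FTP 220 greeting and checking it for a product/version string. The two sample banners are constructed; the default one follows ProFTPD's usual "ProFTPD <version> Server (...)" form, and the suppressed one assumes the generic greeting ProFTPD sends when ServerIdent is off. Note that hiding the banner only removes the fingerprint the scanner keys on; whether the installed build actually carries the fix is the separate question Michael's reply answers.

```python
"""Detect ProFTPD version disclosure in an FTP greeting banner.

Added example for the BlueOnyx thread, not from the original post or from
ProFTPD. Sample banners are constructed for illustration.
"""
import re
import socket
import sys
from typing import Optional

# Constructed samples. The first mirrors ProFTPD's default greeting, which a
# version-based scanner check fingerprints; the second is the generic line
# assumed here for a server with "ServerIdent off" in its <Global> container.
BANNER_DEFAULT = "220 ProFTPD 1.3.2a Server (ProFTPD Default Installation) [192.0.2.10]"
BANNER_SUPPRESSED = "220 FTP Server ready."

# Product name followed by a version such as 1.3.2a or 1.3.2rc3.
_VERSION_RE = re.compile(r"\bProFTPD\s+(\d+\.\d+\.\d+(?:rc\d+|[a-z])?)", re.IGNORECASE)


def disclosed_version(banner: str) -> Optional[str]:
    """Return the ProFTPD version named in a greeting, or None if none is present."""
    m = _VERSION_RE.search(banner)
    return m.group(1) if m else None


def banner_report(banner: str) -> str:
    """One-line verdict a practitioner can compare before and after the rescan."""
    ver = disclosed_version(banner)
    if ver:
        return f"version disclosed: ProFTPD {ver}"
    return "no version in greeting"


def fetch_banner(host: str, port: int = 21, timeout: float = 5.0) -> str:
    """Read the 220 greeting from a live server (network; not used offline).

    Multi-line greetings ("220-...") are read until the terminating "220 " line.
    """
    lines = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("r", encoding="latin-1", newline="\r\n")
        for raw in f:
            line = raw.rstrip("\r\n")
            lines.append(line)
            # "NNN " (space after the code) closes a multi-line reply.
            if len(line) >= 4 and line[:3].isdigit() and line[3] == " ":
                break
        s.sendall(b"QUIT\r\n")
    return "\n".join(lines)


if __name__ == "__main__":
    # With a host argument, check a live server; otherwise show the two samples.
    if len(sys.argv) > 1:
        print(banner_report(fetch_banner(sys.argv[1])))
    else:
        for b in (BANNER_DEFAULT, BANNER_SUPPRESSED):
            print(f"{b!r}: {banner_report(b)}")
```

Run it with no arguments to see the two constructed banners classified, or pass a hostname to read the real greeting from a server you administer; the second form is the check to run before asking the scanning vendor to rescan.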