[BlueOnyx:02205] Possible ProFTPD vuln?

DD bqlist at distortal.com
Wed Aug 26 06:30:17 -05 2009


Hi all,

I received this from McAfee Secure this morning - they scan one of our
client's websites:

---- 8< ----
The remote host is using ProFTPD, a free FTP server for Unix and Linux. 
The version of ProFTPD running on the remote host splits an overly long FTP
command into a series of shorter ones and executes each in turn. If an
attacker can trick a ProFTPD administrator into accessing a
specially-formatted HTML link, he may be able to cause arbitrary FTP
commands to be executed in the context of the affected application with the
administrator's privileges.

Apply the patch included in the bug report or upgrade to the latest version
in CVS. Fix is available on CVS:
http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c
http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/extern.h
http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y
---- >8 ----

Is this already available/pending as part of a YUM update?


DD
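The finding quoted above describes a line-handling flaw rather than a memory bug: a command longer than the server's input buffer is read in pieces, and each piece is dispatched as if it were a command of its own, so an attacker who can get a long string onto the control connection (the report mentions a crafted link opened by an administrator) gets to choose what the tail of the string says. The example below is added here to illustrate that mechanism; it is not ProFTPD's code, nor the OpenBSD ftpd patch the scanner links to (note that the quoted fix pointers are OpenBSD ftpd source files, so it is worth confirming which daemon is actually listening before applying anything). The buffer size, the sample session and the `DELE secret.txt` tail are constructed for the demonstration; the "hardened" reader shows one common way to close this class of bug, which is to refuse an over-long line and discard its remainder instead of parsing it.

```python
import io

# Deliberately small so a realistic command overflows it.  A real FTP daemon
# uses a much larger buffer, but the failure mode is the same: the line is
# split at the buffer boundary.  (Constructed value for this example.)
BUF_SIZE = 24

# Constructed session: one legitimate login line, one over-long line whose
# tail happens to spell out a complete command, then QUIT.
ATTACKER_PADDING = b"A" * (BUF_SIZE - 1 - len(b"CWD "))   # fills the buffer exactly
SAMPLE_SESSION = (
    b"USER anonymous\r\n"
    + b"CWD " + ATTACKER_PADDING + b"DELE secret.txt\r\n"
    + b"QUIT\r\n"
)


def read_commands_vulnerable(stream, bufsize=BUF_SIZE):
    """fgets()-style reader with no over-long-line check.

    readline(bufsize - 1) mirrors fgets(buf, bufsize, fp): it stops at a
    newline or after bufsize-1 bytes, whichever comes first.  Whatever is
    left of a long line is returned by the *next* call and so reaches the
    dispatcher as a separate command.
    """
    commands = []
    while True:
        chunk = stream.readline(bufsize - 1)
        if not chunk:
            break
        commands.append(chunk.rstrip(b"\r\n"))
    return commands


def read_commands_hardened(stream, bufsize=BUF_SIZE):
    """Same reader, but an over-long line is rejected as a unit.

    If the chunk did not end in a newline the buffer was filled before the
    line ended; drain the rest of the line and report it as rejected so no
    part of it can ever be dispatched.  Returns (accepted, rejected).
    """
    accepted, rejected = [], []
    while True:
        chunk = stream.readline(bufsize - 1)
        if not chunk:
            break
        if not chunk.endswith(b"\n"):
            remainder = stream.readline()          # unlimited: reads up to '\n' or EOF
            rejected.append((chunk + remainder).rstrip(b"\r\n"))
            continue                               # a real server would reply "500 line too long"
        accepted.append(chunk.rstrip(b"\r\n"))
    return accepted, rejected


def dispatch_vulnerable(session_bytes=SAMPLE_SESSION):
    """Commands the vulnerable reader would hand to the command dispatcher."""
    return read_commands_vulnerable(io.BytesIO(session_bytes))


def dispatch_hardened(session_bytes=SAMPLE_SESSION):
    """(accepted, rejected) for the hardened reader on the same input."""
    return read_commands_hardened(io.BytesIO(session_bytes))


if __name__ == "__main__":
    print("vulnerable reader dispatches:")
    for cmd in dispatch_vulnerable():
        print("  ", cmd)
    accepted, rejected = dispatch_hardened()
    print("hardened reader accepts:", accepted)
    print("hardened reader rejects:", rejected)
```

Run it and the vulnerable reader dispatches four commands, including a `DELE secret.txt` that the client never sent as a line of its own, while the hardened reader accepts only `USER` and `QUIT` and reports the whole over-long line as rejected. The point for a BlueOnyx admin is that the fix is server-side: no amount of filtering the HTML link helps if the daemon still splits long lines, so the question is really which ProFTPD build the YUM repository ships and whether it carries the patch.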



