Red Hat Bugzilla – Bug 34593
Possible nasty ProFTPd security hole
Last modified: 2008-05-01 11:38:00 EDT

Wheee... I get to use the new "Security issues"

There is a draft CERT advisory circulating regarding
FTP servers and glob() related vulnerabilities and
overflows. The advisory has been posted to vendor-sec
which I believe lots of Red Hat developers are on or
have access to.

In response to the CERT advisory, someone suggested
that ProFTPd was likely vulnerable. It would be cool
to check that, and if it is indeed vulnerable,
sneakily release RH7.1 powertools with a fixed
version so as to avoid a RH7.1 security update.

proftpd hasn't been in powertools since 6.0. ;)

All together now... "D'oh!!" :-)