Bug 34593 - Possible nasty ProFTPd security hole
Summary: Possible nasty ProFTPd security hole
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Powertools
Classification: Retired
Component: proftpd   
Version: 7.0
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Tim Powers
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
Reported: 2001-04-03 23:45 UTC by Chris Evans
Modified: 2008-05-01 15:38 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-04-04 06:01:12 UTC



Description Chris Evans 2001-04-03 23:45:24 UTC
Wheee... I get to use the new "Security issues"
group :-)
.
There is a draft CERT advisory circulating regarding
FTP servers and glob() related vulnerabilities and
overflows. The advisory has been posted to vendor-sec
which I believe lots of RedHat developers are on or
have access to.
.
In response to the CERT advisory, someone suggested
that ProFTPd was likely vulnerable. It would be cool
to check that, and if it is indeed vulnerable,
sneakily release RH7.1 powertools with a fixed
version so as to avoid a RH7.1 security update.

Comment 1 Bill Nottingham 2001-04-04 06:01:06 UTC
proftpd hasn't been in powertools since 6.0. ;)

Comment 2 Chris Evans 2001-04-05 21:02:00 UTC
All together now... "D'oh!!" :-)


