Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 34593 - Possible nasty ProFTPd security hole
Possible nasty ProFTPd security hole
Product: Red Hat Powertools
Classification: Retired
Component: proftpd (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Powers
: Security
Depends On:
  Show dependency treegraph
Reported: 2001-04-03 19:45 EDT by Chris Evans
Modified: 2008-05-01 11:38 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-04-04 02:01:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Chris Evans 2001-04-03 19:45:24 EDT
Wheee... I get to use the new "Security issues"
group :-)
There is a draft CERT advisory circulating regarding
FTP servers and glob() related vulnerabilities and
overflows. The advisory has been posted to vendor-sec
which I believe lots of RedHat developers are on or
have access to.
In response to the CERT advisory, someone suggested
that ProFTPd was likely vulnerable. It would be cool
to check that, and if it is indeed vulnerable,
sneakily release RH7.1 powertools with a fixed
version so as to avoid a RH7.1 security update.
Comment 1 Bill Nottingham 2001-04-04 02:01:06 EDT
proftpd hasn't been in powertools since 6.0. ;)
Comment 2 Chris Evans 2001-04-05 17:02:00 EDT
All together now... "D'oh!!" :-)

Note You need to log in before you can comment on or make changes to this bug.