Bug 34593 - Possible nasty ProFTPd security hole
Summary: Possible nasty ProFTPd security hole
Alias: None
Product: Red Hat Powertools
Classification: Retired
Component: proftpd   
Version: 7.0
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Tim Powers
QA Contact:
Keywords: Security
Depends On:
Reported: 2001-04-03 23:45 UTC by Chris Evans
Modified: 2008-05-01 15:38 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-04-04 06:01:12 UTC


Description Chris Evans 2001-04-03 23:45:24 UTC
Wheee... I get to use the new "Security issues"
group :-)
There is a draft CERT advisory circulating regarding
FTP servers and glob() related vulnerabilities and
overflows. The advisory has been posted to vendor-sec
which I believe lots of RedHat developers are on or
have access to.
In response to the CERT advisory, someone suggested
that ProFTPd was likely vulnerable. It would be cool
to check that, and if it is indeed vulnerable,
sneakily release RH7.1 powertools with a fixed
version so as to avoid a RH7.1 security update.

Comment 1 Bill Nottingham 2001-04-04 06:01:06 UTC
proftpd hasn't been in powertools since 6.0. ;)

Comment 2 Chris Evans 2001-04-05 21:02:00 UTC
All together now... "D'oh!!" :-)
