Bug 5047 - Proftpd 1.2.0pre3-6 package is still vulnerable to buffer overflows
Summary: Proftpd 1.2.0pre3-6 package is still vulnerable to buffer overflows
Alias: None
Product: Red Hat Powertools
Classification: Retired
Component: proftpd
Version: 6.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tim Powers
QA Contact:
: 4999 5000 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 1999-09-10 15:38 UTC by Mike McHenry
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 1999-11-13 00:40:30 UTC

Attachments (Terms of Use)

Description Mike McHenry 1999-09-10 15:38:46 UTC
The updated proftpd-1.2.0pre3-6 package is still vulnerable
to several buffer overflow exploits. Pick up proftpd-
1.2.0pre5 at ftp://ftp.tos.net/pub/proftpd for a patched

ftp.tos.net is the new location for the maintained proftpd,
check out the mailing list archives at www.proftpd.org for
verification and explanations of the bugs found.

I apologize if this bug report is a duplicate, I could have
sworn I submitted one yesterday as well.

Comment 1 Tim Powers 1999-09-20 20:42:59 UTC
I got two otherslike this. Take a look a the pre6 package that was
built, it's in ftp://rawhide.redhat.com/rawhide/powertools , that
should do the trick.


Comment 2 Tim Powers 1999-09-20 20:43:59 UTC
*** Bug 5000 has been marked as a duplicate of this bug. ***

According to the proftpd development list the overflow
problems in 1.2.0pre3 and 4 were not properly fixed. The
updated version of Redhat 1.2.0pre3-6 is still vulnerable
as far as I can tell.

ftp://ftp.tos.net/pub/proftpd is the new location of
proftpd, the old ftp.proftpd.org is no longer being
maintained it appears. 1.2.0pre5 fixes all known buffer
overflow vulnerabilities.

Comment 3 Tim Powers 1999-09-20 20:44:59 UTC
*** Bug 4999 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.