The updated proftpd-1.2.0pre3-6 package is still vulnerable to several buffer overflow exploits. Pick up proftpd- 1.2.0pre5 at ftp://ftp.tos.net/pub/proftpd for a patched version. ftp.tos.net is the new location for the maintained proftpd, check out the mailing list archives at www.proftpd.org for verification and explanations of the bugs found. I apologize if this bug report is a duplicate, I could have sworn I submitted one yesterday as well.
I got two otherslike this. Take a look a the pre6 package that was built, it's in ftp://rawhide.redhat.com/rawhide/powertools , that should do the trick. Tim
*** Bug 5000 has been marked as a duplicate of this bug. *** According to the proftpd development list the overflow problems in 1.2.0pre3 and 4 were not properly fixed. The updated version of Redhat 1.2.0pre3-6 is still vulnerable as far as I can tell. ftp://ftp.tos.net/pub/proftpd is the new location of proftpd, the old ftp.proftpd.org is no longer being maintained it appears. 1.2.0pre5 fixes all known buffer overflow vulnerabilities.
*** Bug 4999 has been marked as a duplicate of this bug. ***