Bug 5047 - Proftpd 1.2.0pre3-6 package is still vulnerable to buffer overflows
Proftpd 1.2.0pre3-6 package is still vulnerable to buffer overflows
Product: Red Hat Powertools
Classification: Retired
Component: proftpd (Show other bugs)
All Linux
high Severity medium
: ---
: ---
Assigned To: Tim Powers
: Security
: 4999 5000 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 1999-09-10 11:38 EDT by Mike McHenry
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 1999-11-12 19:40:30 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mike McHenry 1999-09-10 11:38:46 EDT
The updated proftpd-1.2.0pre3-6 package is still vulnerable
to several buffer overflow exploits. Pick up proftpd-
1.2.0pre5 at ftp://ftp.tos.net/pub/proftpd for a patched

ftp.tos.net is the new location for the maintained proftpd,
check out the mailing list archives at www.proftpd.org for
verification and explanations of the bugs found.

I apologize if this bug report is a duplicate, I could have
sworn I submitted one yesterday as well.
Comment 1 Tim Powers 1999-09-20 16:42:59 EDT
I got two otherslike this. Take a look a the pre6 package that was
built, it's in ftp://rawhide.redhat.com/rawhide/powertools , that
should do the trick.

Comment 2 Tim Powers 1999-09-20 16:43:59 EDT
*** Bug 5000 has been marked as a duplicate of this bug. ***

According to the proftpd development list the overflow
problems in 1.2.0pre3 and 4 were not properly fixed. The
updated version of Redhat 1.2.0pre3-6 is still vulnerable
as far as I can tell.

ftp://ftp.tos.net/pub/proftpd is the new location of
proftpd, the old ftp.proftpd.org is no longer being
maintained it appears. 1.2.0pre5 fixes all known buffer
overflow vulnerabilities.
Comment 3 Tim Powers 1999-09-20 16:44:59 EDT
*** Bug 4999 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.