Red Hat Bugzilla – Bug 5047
Proftpd 1.2.0pre3-6 package is still vulnerable to buffer overflows
Last modified: 2008-05-01 11:37:51 EDT
The updated proftpd-1.2.0pre3-6 package is still vulnerable
to several buffer overflow exploits. Pick up proftpd-
1.2.0pre5 at ftp://ftp.tos.net/pub/proftpd for a patched
ftp.tos.net is the new location for the maintained proftpd;
check out the mailing list archives at www.proftpd.org for
verification and explanations of the bugs found.
I apologize if this bug report is a duplicate; I could have
sworn I submitted one yesterday as well.
I got two others like this. Take a look at the pre6 package that was
built, it's in ftp://rawhide.redhat.com/rawhide/powertools , that
should do the trick.
*** Bug 5000 has been marked as a duplicate of this bug. ***
According to the proftpd development list the overflow
problems in 1.2.0pre3 and 4 were not properly fixed. The
updated version of Red Hat 1.2.0pre3-6 is still vulnerable
as far as I can tell.
ftp://ftp.tos.net/pub/proftpd is the new location of
proftpd; the old ftp.proftpd.org is no longer being
maintained, it appears. 1.2.0pre5 fixes all known buffer
*** Bug 4999 has been marked as a duplicate of this bug. ***