Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3867 to the following vulnerability: Name: CVE-2010-3867 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3867 Assigned: 20101008 Reference: MLIST:[oss-security] 20101101 Re: Proftpd pre-authentication buffer overflow in Telnet code Reference: URL: http://www.openwall.com/lists/oss-security/2010/11/01/4 Reference: CONFIRM: http://bugs.proftpd.org/show_bug.cgi?id=3519 Reference: CONFIRM: http://www.proftpd.org/docs/NEWS-1.3.3c Reference: BID:44562 Reference: URL: http://www.securityfocus.com/bid/44562 Reference: SECUNIA:42052 Reference: URL: http://secunia.com/advisories/42052 Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
Created proftpd tracking bugs for this issue Affects: fedora-all [bug 651608]
I believe this one can be closed now.
All current releases now have this fixed. F-15 and Rawhide have 1.3.4rc2. EL-4, EL-5, EL-6, F-13 and F-14 have 1.3.3e.