A heap-based buffer overflow flaw was found in the way the ProFTPD FTP server
prepared SQL queries for certain usernames, when the mod_sql module was
enabled. A remote, unauthenticated attacker could use this flaw to
cause the proftpd daemon to crash or, potentially, to execute arbitrary
code with the privileges of the user running 'proftpd' via a specially-crafted
username, provided in the authentication dialog.
Upstream bug report:
 http://proftpd.org/docs/RELEASE_NOTES-1.3.3d (ProFTPD v1.3.3d release notes)
This issue affects the versions of the proftpd package, as shipped
with Fedora releases 13 and 14.
This issue affects the versions of the proftpd package, as present
within EPEL-4 and EPEL-5 repositories.
Please rebase to latest (1.3.3d) version.
Created proftpd tracking bugs for this issue
Affects: fedora-all [bug 670172]
Do these Security Response bugs ever get closed?
(In reply to comment #3)
> Do these Security Response bugs ever get closed?
They are closed when the particular issue got addressed in all affected
versions. Which seems to be the case of this issue already. Thank you for
the updates. Closing.