ports/106007: proftpd security bugs
Matus UHLAR - fantomas
uhlar at fantomas.sk
Wed Nov 29 11:30:16 UTC 2006
>Number: 106007
>Category: ports
>Synopsis: proftpd security bugs
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Nov 29 11:30:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Matus UHLAR - fantomas
>Release: 4.11
>Organization:
GTS Nextra a.s.
>Environment:
FreeBSD w01 4.11-RELEASE-p18 FreeBSD 4.11-RELEASE-p18 #7: Fri Jun 2 10:25:29 CEST 2006 root at w01:/shared1/rw/os/FreeBSD/i386/obj/RELENG_4_11/shared1/rw/os/FreeBSD/i386/src/RELENG_4_11/sys/i686_SP i386
>Description:
two ProFTPD bugs were reported in last time (except the one fixed in bug 105510):
http://secunia.com/advisories/22803/
ProFTPD "sreplace()" Buffer Overflow Vulnerability
- http://bugs.proftpd.org/show_bug.cgi?id=2858
- ProFTP 1.0.3a was released due to this error
http://secunia.com/advisories/23141/
ProFTPD mod_tls Buffer Overflow Vulnerability
- http://bugs.proftpd.org/show_bug.cgi?id=2860
>How-To-Repeat:
>Fix:
first can be fixed by using patch
http://proftp.cvs.sourceforge.net/proftp/proftpd/src/support.c?r1=1.78&r2=1.80&view=patch&sortby=date
(against proftpd-1.3.0 release, not the "previous" version mentioned in proftpd bug 2858) or by upgrading to proftpd-1.3.0a
the second can be fixed by http://bugs.proftpd.org/attachment.cgi?id=2548&action=view
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list