Joined: 12 May 2004
|Posted: Wed Sep 25, 2013 1:26 am Post subject: [ GLSA 201309-15 ] ProFTPD: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: ProFTPD: Multiple vulnerabilities (GLSA 201309-15)
Exploitable: local, remote
Date: September 24, 2013
Bug(s): #305343, #343389, #348998, #354080, #361963, #390075, #450746, #484614
Multiple vulnerabilities have been found in ProFTPD, the worst of
which leading to remote execution of arbitrary code.
ProFTPD is an advanced and very configurable FTP server.
Vulnerable: < 1.3.4d
Unaffected: >= 1.3.4d
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in ProFTPD. Please review
the CVE identifiers referenced below for details.
A context-dependent attacker could possibly execute arbitrary code with
the privileges of the process, perform man-in-the-middle attacks to spoof
arbitrary SSL servers, cause a Denial of Service condition, or read and
modify arbitrary files.
There is no known workaround at this time.
All ProFTPD users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.4d"
Last edited by GLSA on Tue Jun 24, 2014 4:31 am; edited 2 times in total
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum