Debian 2.2: DSA-029-1 Critical: Proftpd Remote DoS Issues
debian
February 11, 2001
Remote DOS & potential buffer overflow exist with previous versions of proftpd
Topics Covered
Summary
Package: proftpd
Vulnerability: remote DOS & potential buffer overflow
Debian-specific: no
The following problems have been reported for the version of proftpd in
Debian 2.2 (potato):
1. There is a memory leak in the SIZE command which can result in a
denial of service, as reported by Wojciech Purczynski. This is only a
problem if proftpd cannot write to its scoreboard file; the default
configuration of proftpd in Debian is not vulnerable.
2. A similar memory leak affects the USER command, also as reported by
Wojciech Purczynski. The proftpd in Debian 2.2 is susceptible to this
vulnerability; an attacker can cause the proftpd daemon to crash by
exhausting its available memory.
3. There were some format string vulnerabilities reported by Przemyslaw
Frasunek. These are not known to have exploits, but have been corrected
as a precaution.
All three of the above vulnerabilities have been corrected in
proftpd-1.2.0pre10-2potato1. We recommend you upgrade your proftpd
package immediately.
wget url
wil...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!