The proftpd version that was distributed in Debian GNU/Linux 2.1
had several buffer overruns that could be exploited by remote
attackers. A short list of problems:
* user input was used in snprintf() without sufficient checks
* there was an overflow in the log_xfer() routine
* you could overflow a buffer by using very long pathnames
Please note that this is not meant to be an exhaustive list.
In addition to the security fixes a couple of Y2K problems were also
fixed.
We have made a new package with version 1.2.0pre9-4 to address these
issues, and we recommend that you upgrade your proftpd package immediately.
  wget url
will fetch the file for you.
  dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
This version of Debian was released only for the Intel, the Motorola
680x0, the alpha and the Sun sparc architectures.
Source archives:
pre9-4.diff.gz
MD5 checksum: d703d0e3aea53b480756010189ce38ae
pre9-4.dsc
MD5 checksum: 074aee046bd22429d98d4928bc...