In this column, we look at several problems with ProFTPD; a Trojan Horse application disguised as an exploit; buffer overflows in the glibc library, dtspcd, wmcube-gdk, and Mandrake Linux's Kerberos telnet; and problems in Slash, IBM Websphere, popauth, Aftpd, TWIG, PGPMail.pl, . . .
In this column, we look at several problems with ProFTPD; a Trojan Horse application disguised as an exploit; buffer overflows in the glibc library, dtspcd, wmcube-gdk, and Mandrake Linux's Kerberos telnet; and problems in Slash, IBM Websphere, popauth, Aftpd, TWIG, PGPMail.pl, and the Cisco SN 5420 Storage Router.

The ProFTPD FTP daemon is vulnerable to a denial-of-service attack and a problem in resolving some host names properly. The denial-of-service attack can be used by a remote attacker to cause ProFTPD to consume all of the CPU and memory on the server. The resolution problem is caused by ProFTPD not properly forward-resolving reverse-resolved host names, and could be used by an attacker to get around ProFTPD access control lists or to log incorrect host names. Users should consider upgrading ProFTPD to version 1.2.5rc1 or newer.