
[atomic] psa-proftpd 1.3.3c

Posted: Tue Nov 02, 2010 12:16 pm
by scott
This is duplicated from the ASL 2.0 repo.

http://www.atomicorp.com/news/security-update.html

Atomicorp Security Advisory

Level: Moderate to High

This is an important security update for psa-proftpd. Versions from 1.2.10rc1 to 1.3.3b are vulnerable to certain classes of attack that would allow a malicious user to:

* create a directory located outside the writable directory
* delete a directory located outside the writable directory
* create a symlink located outside the writable directory
* change the time of a file located outside the writable directory

It is highly recommended that psa-proftpd users upgrade to 1.3.3c at their earliest opportunity.

Changelog:

- Update to version 1.3.3c

To upgrade:

yum upgrade psa-proftpd

Credits: We would like to thank BruceLee for bringing this issue to our attention, and the proftpd team for their rapid response in resolving this issue.

Re: [atomic] psa-proftpd 1.3.3c

Posted: Wed Nov 03, 2010 4:54 am
by BruceLee
Thanks Scott for providing the fix so quickly.

Re: [atomic] psa-proftpd 1.3.3c

Posted: Wed Nov 03, 2010 4:13 pm
by faris
Yes, this could have been a really bad problem. I'm really glad it is solved -- thanks Scott!!!

Re: [atomic] psa-proftpd 1.3.3c

Posted: Wed Nov 03, 2010 4:16 pm
by mikeshinn
If this vuln was actually against chroot then the ASL kernel would stop this vuln. ASL chroots are more like jails, it's pretty hard to escape from them, so if they actually called the chroot function you're safe - if they use their own non-kernel-enforced faux-chroot-like thing, well yeah, they have a hole. :-)
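A userspace path-confinement check of the kind mikeshinn contrasts with a real kernel chroot, as an added example (not code from the thread, the advisory or proftpd): it shows why a string-prefix test on the requested path is not enough, and how resolving symlinks and ".." before comparing against the writable root rejects the mkdir/rmdir/symlink/utime-outside-the-tree requests the advisory lists. The directory layout and the temporary fixture are constructed for the demo; the function names are my own.

```python
import os
import shutil
import tempfile


def naive_prefix_check(root: str, requested: str) -> bool:
    """The weak check a userspace 'faux chroot' might do: compare strings only.

    FTP-style paths are taken relative to the writable root, so "/foo" and
    "foo" both mean root/foo. Nothing here resolves symlinks or "..".
    """
    candidate = os.path.join(root, requested.lstrip("/"))
    return candidate.startswith(root.rstrip(os.sep) + os.sep)


def is_confined(root: str, requested: str) -> bool:
    """Return True only if `requested` resolves to a location inside `root`.

    Both sides are canonicalised with realpath (symlinks and ".." resolved)
    before comparison, so a link pointing outside the tree or a traversal
    through ".." is rejected even though the raw string starts with root.
    """
    real_root = os.path.realpath(root)
    candidate = os.path.join(real_root, requested.lstrip("/"))
    real_target = os.path.realpath(candidate)
    try:
        return os.path.commonpath([real_root, real_target]) == real_root
    except ValueError:
        # Paths that cannot be compared (different drives) are never inside.
        return False


def demo() -> dict:
    """Build a constructed writable tree containing a symlink that points
    outside it, then evaluate three requests with both checks.

    Returns {request_name: (naive_result, confined_result)}.
    """
    base = tempfile.mkdtemp(prefix="ftpdemo-")
    try:
        writable = os.path.join(base, "home", "user")   # the user's writable dir
        outside = os.path.join(base, "outside")          # must stay unreachable
        os.makedirs(writable)
        os.makedirs(outside)
        # A symlink inside the writable dir that escapes it.
        os.symlink(outside, os.path.join(writable, "link"))
        requests = {
            "inside": "docs/newdir",               # legitimate MKD target
            "dotdot": "../../outside/newdir",      # traversal via ".."
            "via_symlink": "link/newdir",          # traversal via the symlink
        }
        return {
            name: (naive_prefix_check(writable, p), is_confined(writable, p))
            for name, p in requests.items()
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for name, (naive, confined) in demo().items():
        print(f"{name:12s} naive={naive!s:5s} confined={confined}")
```

The prefix check accepts all three requests; the realpath check accepts only the first. Even the stronger check is still a check-then-use sequence: a symlink swapped between the realpath call and the actual mkdir/rmdir/utime is not caught, which is the gap a kernel-enforced chroot (or the ASL jail mikeshinn describes) does not have.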

Re: [atomic] psa-proftpd 1.3.3c

Posted: Mon Nov 08, 2010 6:08 am
by camaran
If I install it I get an error, ECONNREFUSED, and I cannot connect to my FTP server.

Re: [atomic] psa-proftpd 1.3.3c

Posted: Mon Nov 08, 2010 10:51 am
by mikeshinn
What's in your system logs? And are you running ASL?

Re: [atomic] psa-proftpd 1.3.3c

Posted: Mon Nov 08, 2010 10:54 am
by camaran
I'm not running ASL, but when I update this service I cannot connect to my FTP.

I use Plesk.

Where can I see the log?

Re: [atomic] psa-proftpd 1.3.3c

Posted: Mon Nov 08, 2010 11:20 am
by scott
/var/log/secure, and /var/log/messages are good places to start

Re: [atomic] psa-proftpd 1.3.3c

Posted: Mon Nov 08, 2010 1:18 pm
by camaran
This is the FileZilla log:
Stato: Connessione a ******:21...
Stato: Tentativo di connessione non riuscito con "ECONNREFUSED - Connection refused by server".
Errore: Impossibile collegarsi al server

In /var/log/messages and in /var/log/secure I don't have logs for FTP.

Re: [atomic] psa-proftpd 1.3.3c

Posted: Mon Nov 08, 2010 3:35 pm
by scott
I'm not sure what that's saying there; think you could translate that to English for me?

Re: [atomic] psa-proftpd 1.3.3c

Posted: Mon Nov 08, 2010 3:55 pm
by camaran
scott wrote: I'm not sure what that's saying there; think you could translate that to English for me?
Done.

Re: [atomic] psa-proftpd 1.3.3c

Posted: Mon Nov 08, 2010 6:27 pm
by avibodha
Same thing for me: yum update on a fresh server with Plesk 10.0.1 and now FTP doesn't work. I have proftpd 1.3.3c installed.

ftp localhost gives connection refused. Nothing logged in messages or secure... also proftpd.conf was wiped. Copied proftpd.conf from another Plesk server but still not working.

Any ideas?
Thanks for any help.

Re: [atomic] psa-proftpd 1.3.3c

Posted: Mon Nov 08, 2010 6:42 pm
by scott
You know I think breun probably figured this one out, you have to re-install the plesk xinetd package whose name escapes me at the moment.
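An added diagnostic (not from the thread, Plesk or Atomicorp) for the symptom camaran and avibodha describe, ECONNREFUSED with nothing in messages or secure: a refused connect means no process is accepting on port 21, so proftpd never ran for that connection and had nothing to log, and the place to look is the xinetd service definition that is supposed to start it. The config text below is a constructed example; the file name /etc/xinetd.d/ftp_psa and the server path are assumptions about the Plesk package, not taken from the page.

```python
import os
import re
import socket
from typing import Dict, Optional

# Assumed location of the Plesk xinetd definition for proftpd (not from the page).
XINETD_FTP_FILE = "/etc/xinetd.d/ftp_psa"

# Constructed example of such a file; values are illustrative only.
SAMPLE_FTP_PSA = """\
service ftp
{
    disable     = no
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/sbin/proftpd
    server_args = -c /etc/proftpd.conf
    instances   = 30
}
"""

_SERVICE_RE = re.compile(r"service\s+(\S+)\s*\{(.*?)\}", re.DOTALL)


def probe_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify a TCP connect: 'listening', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "listening"
    except ConnectionRefusedError:
        return "refused"          # nothing bound to the port: the daemon is not up
    except socket.timeout:
        return "timeout"          # filtered or unreachable, a different problem
    except OSError:
        return "error"


def parse_xinetd(text: str) -> Dict[str, Dict[str, str]]:
    """Parse xinetd 'service name { key = value ... }' blocks into a dict."""
    services: Dict[str, Dict[str, str]] = {}
    for name, body in _SERVICE_RE.findall(text):
        attrs: Dict[str, str] = {}
        for raw in body.splitlines():
            line = raw.split("#", 1)[0].strip()   # drop comments
            if "=" not in line:
                continue
            key, _, value = line.partition("=")
            # Normalise 'key +=' / 'key -=' forms to the bare key name.
            attrs[key.strip().rstrip("+-").strip()] = value.strip()
        services[name] = attrs
    return services


def xinetd_service_state(text: str, name: str = "ftp") -> str:
    """Return 'missing', 'disabled' or 'enabled' for the named xinetd service."""
    services = parse_xinetd(text)
    if name not in services:
        return "missing"
    disabled = services[name].get("disable", "no").lower() == "yes"
    return "disabled" if disabled else "enabled"


def diagnose(port_state: str, xinetd_text: Optional[str]) -> str:
    """Map the observed port state plus xinetd definition to a likely cause."""
    if port_state == "listening":
        return "proftpd is accepting connections; look in proftpd's own log and /var/log/secure for login or config errors"
    if xinetd_text is None:
        return "nothing accepting on the port and no xinetd ftp service file: reinstall the xinetd package that starts proftpd"
    state = xinetd_service_state(xinetd_text)
    if state == "missing":
        return "nothing accepting on the port and the xinetd file defines no ftp service: restore the service definition"
    if state == "disabled":
        return "the xinetd ftp service is disabled (disable = yes): enable it and reload xinetd"
    return "the xinetd ftp service is enabled but nothing accepts on the port: check that xinetd is running and that the server path exists"


if __name__ == "__main__":
    state = probe_port("127.0.0.1", 21)
    cfg = open(XINETD_FTP_FILE).read() if os.path.exists(XINETD_FTP_FILE) else None
    print(f"port 21: {state}")
    print(diagnose(state, cfg))
```

Run as root on the affected host it prints the port state and one line of advice; the thread's outcome (re-installing the Plesk xinetd package) corresponds to the "no xinetd ftp service file" branch.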

Re: [atomic] psa-proftpd 1.3.3c

Posted: Wed Nov 10, 2010 12:36 pm
by BruceLee
Didn't take long and there they go:
212.xxx.xxx.xxx (85.xxx.xxx.xxx[85.xxx.xxx.xxx]) - client sent too-long command, ignoring

Thanks to Atomicorp we are safe from attacks concerning that vulnerability :)
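An added log-triage helper (not from the thread) for the kind of line BruceLee pasted: it parses proftpd messages of the form "server (host[ip]) - message", with or without a syslog prefix, counts the "client sent too-long command, ignoring" events per client IP and lists the clients over a threshold, so a burst like the one above shows up in a summary rather than by eye. The log lines and addresses are constructed (RFC 5737 documentation ranges), and the threshold is an arbitrary choice for the demo.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional

# Optional syslog prefix ("Nov 10 12:30:01 host proftpd[1234]: "), then
# "<server> (<client_host>[<client_ip>]) - <message>" as in the thread.
LINE_RE = re.compile(
    r"^(?:.*proftpd\[\d+\]:\s*)?"
    r"(?P<server>\S+) \((?P<client_host>[^\[]+)\[(?P<client_ip>[^\]]+)\]\) - (?P<msg>.*)$"
)

TOO_LONG = "client sent too-long command, ignoring"

# Constructed sample log; IPs are documentation addresses, not real hosts.
SAMPLE_LOG = """\
203.0.113.10 (198.51.100.7[198.51.100.7]) - client sent too-long command, ignoring
203.0.113.10 (198.51.100.7[198.51.100.7]) - client sent too-long command, ignoring
Nov 10 12:30:01 ftp1 proftpd[4242]: 203.0.113.10 (198.51.100.7[198.51.100.7]) - client sent too-long command, ignoring
203.0.113.10 (198.51.100.7[198.51.100.7]) - FTP session closed.
203.0.113.10 (ftp.example.net[198.51.100.22]) - USER alice: Login successful.
203.0.113.10 (198.51.100.9[198.51.100.9]) - client sent too-long command, ignoring
this line is not a proftpd message and must be skipped
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one proftpd log line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def count_too_long(lines: Iterable[str]) -> Counter:
    """Count 'too-long command' events per client IP, skipping unparseable lines."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["msg"].startswith(TOO_LONG):
            counts[rec["client_ip"]] += 1
    return counts


def noisy_clients(lines: Iterable[str], threshold: int = 3) -> List[str]:
    """Client IPs that sent at least `threshold` over-long commands, sorted."""
    counts = count_too_long(lines)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, n in count_too_long(lines).most_common():
        print(f"{ip:16s} {n} over-long commands")
    print("over threshold:", noisy_clients(lines))
```

Point it at the real file with the same parse_line loop over open("/var/log/messages") or wherever proftpd logs on the host; a client that trips the limit repeatedly is a candidate for a firewall rule, while a single event is usually just a broken client.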

Re: [atomic] psa-proftpd 1.3.3c

Posted: Wed Nov 10, 2010 12:42 pm
by scott
Also I put out an update yesterday that should integrate with Plesk 10. It merges in the xinetd package from plesk 9.