Page 1 of 1

bugfix for proftpd

Posted: Mon Nov 01, 2010 5:39 pm
by BruceLee
Hi,

since I don't know if it's needed in ART psa-proftpd package I thought I just might ask.
A bugfix is out for this vulnerability:
When ProFTPd is compiled with mod_site_misc and when a directory is
writable, an attacker can use mod_site_misc to:
- create a directory located outside the writable directory
- delete a directory located outside the writable directory
- create a symlink located outside the writable directory
- change the time of a file located outside the writable directory

SOURCE:
http://bugs.proftpd.org/show_bug.cgi?id=3519

Thanks a lot.

Re: bugfix for proftpd

Posted: Mon Nov 01, 2010 7:19 pm
by scott
Awesome, thanks for the heads up. Its very very appreciated, we try to stay on top of these things every day but sometimes we miss out in the daily flood. I'm really glad you caught this.

The update should be available in the [asl-2.0] repo shortly.

Re: bugfix for proftpd

Posted: Tue Nov 02, 2010 4:26 am
by BruceLee
Great. Thank you very much. I will pop up with that kind of stuff whenever I see it.