-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2009-16
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 25 May 2009
 Last revised: 25 May 2009

 Package: proftpd

 Summary: CIDR based ACL vulnerability

 More information:
    ProFTPD grew out of the desire to have a secure and configurable FTP
 server,
    and out of a significant admiration of the Apache web server.

    ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL
 entries
    as if they were AllowAll, which could allow FTP clients to bypass intended
    access restrictions. (CVE-2004-0432)

 Affected Products:
    - Turbolinux Appliance Server 2.0
    - Turbolinux 10 Server


 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   proftpd-1.2.9-14.src.rpm
       838130 7577322c7b7e3e2b87aabbb992cdafea

   Binary Packages
   Size: MD5

   proftpd-1.2.9-14.i586.rpm
       497768 0037cd3db3a81f0c5dcc7ddbcf061274

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   proftpd-1.2.9-14.src.rpm
       838130 7577322c7b7e3e2b87aabbb992cdafea

   Binary Packages
   Size: MD5

   proftpd-1.2.9-14.i586.rpm
       497768 0037cd3db3a81f0c5dcc7ddbcf061274


 References:

 CVE
   [CVE-2004-0432]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0432

 --------------------------------------------------------------------------
 Revision History
    25 May 2009 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2009 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEARECAAYFAkoacdsACgkQK0LzjOqIJMw0jACfTRhND2C1SyXXzLlspuD+wRBm
3fEAoJVaGLAPXxu5E1VfpGpeMK5URR15
=geZc
-----END PGP SIGNATURE-----