Multiple problems in proftpd
ID: | MDKSA-2002:005 |
Distribution: | Mandrake |
Platforms: | Mandrake 7.2, Mandrake 8.0, Mandrake 8.1 |
Date: | Fri, 18 January 2002, 12:00 |
References: | Not specified |
Applications: | ProFTPD |
Original message |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: proftpd
Advisory ID: MDKSA-2002:005
Date: January 17th, 2002
Affected versions: 7.2, 8.0, 8.1
________________________________________________________________________

Problem Description:

Matthew S. Hallacy discovered that ProFTPD was not forward resolving reverse-resolved hostnames. A remote attacker could exploit this to bypass ProFTPD access controls or have false information logged.

Frank Denis discovered that a remote attacker could send malicious commands to the ProFTPD server and it would force the process to consume all CPU and memory resources available to it. This DoS vulnerability could bring the server down with repeated attacks.

Finally, Mattias found a segmentation fault problem that is considered by the developers to be unexploitable.
________________________________________________________________________

References:

http://www.securityfocus.com/bid/3310
http://www.securityfocus.com/archive/1/169395
http://www.securityfocus.com/archive/1/246331
http://www.proftpd.org/critbugs.html
________________________________________________________________________

Updated Packages:

Linux-Mandrake 7.2:
7250ef2a6f2f71eb3e028920834ec093 7.2/RPMS/proftpd-1.2.5-0.rc1.1.2mdk.i586.rpm
0d8ef514ea6bf73168e29e206eb01a64 7.2/SRPMS/proftpd-1.2.5-0.rc1.1.2mdk.src.rpm

Mandrake Linux 8.0:
23615350724cd39e1f2bbe1e96a646bd 8.0/RPMS/proftpd-1.2.5-0.rc1.1mdk.i586.rpm
bd96b79efd19cd75a575bbbaddb470ca 8.0/SRPMS/proftpd-1.2.5-0.rc1.1mdk.src.rpm

Mandrake Linux 8.0/ppc:
427f4e7c110036c630bf91cc21140826 ppc/8.0/RPMS/proftpd-1.2.5-0.rc1.1mdk.ppc.rpm
bd96b79efd19cd75a575bbbaddb470ca ppc/8.0/SRPMS/proftpd-1.2.5-0.rc1.1mdk.src.rpm

Mandrake Linux 8.1:
d4b9c58e224cbc878c155dde708d9e11 8.1/RPMS/proftpd-1.2.5-0.rc1.1mdk.i586.rpm
bd96b79efd19cd75a575bbbaddb470ca 8.1/SRPMS/proftpd-1.2.5-0.rc1.1mdk.src.rpm

Mandrake Linux 8.1/ia64:
95fb66a24145dc07593c01f7ea487505 ia64/8.1/RPMS/proftpd-1.2.5-0.rc1.2mdk.ia64.rpm
dca5b53c1cf01c5354dd0d88451a3115 ia64/8.1/SRPMS/proftpd-1.2.5-0.rc1.2mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

rpm --checksig |
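
The first issue in the advisory concerns a reverse-resolved hostname being trusted without a forward lookup to confirm it. The sketch below is an added example, not code from the advisory or from ProFTPD: it shows a forward-confirmed reverse DNS check that falls back to the IP address for access control and logging when the name does not resolve back to the client. The function names and the sample DNS tables are hypothetical and constructed for illustration.

```python
import ipaddress
import socket

def _ptr_lookup(ip):
    """Reverse (PTR) lookup; returns the claimed hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _addr_lookup(name):
    """Forward (A/AAAA) lookup; returns the set of addresses for name."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def confirmed_hostname(ip, reverse=_ptr_lookup, forward=_addr_lookup):
    """Return the PTR name only if it forward-resolves back to ip, else None."""
    client = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return None
    for addr in forward(name):
        try:
            if ipaddress.ip_address(addr) == client:
                return name.rstrip(".").lower()
        except ValueError:
            continue  # resolver returned something that is not an address
    return None

def acl_identity(ip, reverse=_ptr_lookup, forward=_addr_lookup):
    """Identity for host-based ACLs and logs: confirmed name, else the IP."""
    return confirmed_hostname(ip, reverse, forward) or ip

# Constructed sample DNS data (documentation address ranges, not real records).
PTR = {"192.0.2.10": "ftp-client.example.org",
       "203.0.113.66": "trusted.example.org"}    # PTR claims a name it does not hold
FWD = {"ftp-client.example.org": {"192.0.2.10"},
       "trusted.example.org": {"198.51.100.5"}}  # address of the real trusted host

if __name__ == "__main__":
    for ip in PTR:
        print(ip, "->", acl_identity(ip, PTR.get, lambda n: FWD.get(n, set())))
```

With the default resolvers the same functions query live DNS; the injected tables only keep the demonstration offline.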