Koozali.org: home of the SME Server

SME 5.6 : ProFTPD vulnerability

RvLardin
« on: March 06, 2004, 07:26:18 PM »
sources :
http://secunia.com/advisories/11039/
http://www.securityfocus.com/archive/1/355933

affected versions of ProFTPD :
1.2.7/1.2.7p
1.2.8/1.2.8p
1.2.9rc1/1.2.9rc1p
1.2.9rc2/1.2.9rc2p

affected version of e-smith :
SME 5.6 (1.2.8p) *is* vulnerable.
SME 6.0.x seems not to be affected since it uses the 1.2.9 version.
Earlier versions are not mentioned in the advisories (SME 5.5 uses the ProFTPD 1.2.0 version).

For the moment we have stopped this service on our vulnerable servers.

Can someone with a 5.6 "test" server test the upgrade of proftpd from 1.2.8 to 1.2.9?
Thanks.

A+,
RV.
----
"Those who are willing to lose some of their essential liberties in favour of security deserve neither and will lose both."
- Thomas Jefferson .

CharlieBrady
« Reply #1 on: March 13, 2004, 01:54:19 AM »
Quote from: "RvLardin"
sources :
http://secunia.com/advisories/11039/
http://www.securityfocus.com/archive/1/355933

affected versions of ProFTPD :


Please don't post security messages to a public forum. Send mail to security@lists.contribs.org.

In this case, I think you'll find that the proftpd used in SME is already patched for that problem.