Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: RvLardin on March 06, 2004, 07:26:18 PM

Title: SME 5.6 : ProFTPD vulnerability
Post by: RvLardin on March 06, 2004, 07:26:18 PM
sources :
http://secunia.com/advisories/11039/
http://www.securityfocus.com/archive/1/355933

affected versions of ProFTPD :
1.2.7/1.2.7p
1.2.8/1.2.8p
1.2.9rc1/1.2.9rc1p
1.2.9rc2/1.2.9rc2p

affected version of e-smith :
SME 5.6 (1.2.8p) *is* vulnerable.
SME 6.0.x seems not to be affected since it uses the 1.2.9 version.
Earlier versions are not mentioned in the advisories (SME 5.5 uses the ProFTPD 1.2.0 version).

For the moment we have stopped this service on our vulnerable servers.

Can someone with a 5.6 "test" server test the upgrade of proftpd from 1.2.8 to 1.2.9?
Thanks.

See you later,
RV.
Title: Re: SME 5.6 : ProFTPD vulnerability
Post by: CharlieBrady on March 13, 2004, 01:54:19 AM
Quote from: "RvLardin"
sources :
http://secunia.com/advisories/11039/
http://www.securityfocus.com/archive/1/355933

affected versions of ProFTPD :


Please don't post security messages to a public phorum. Send mail to security@lists.contribs.org.

In this case, I think you'll find that the proftpd used in SME is already patched for that problem.