Debian Security Advisory
proftpd -- buffer overflows in proftpd
- Date Reported: 11 Nov 1999
- Affected Packages:
- Security database references: In the Bugtraq database (at SecurityFocus): BugTraq ID 650.
- More information:
- The proftpd version that was distributed in Debian GNU/Linux 2.1 had several buffer overruns that could be exploited by remote attackers. A short list of problems:
- user input was used in snprintf() without sufficient checks
- there was an overflow in the log_xfer() routine
- you could overflow a buffer by using very long pathnames
Please note that this is not meant to be an exhaustive list.
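As an added illustration of the first and third items in the list above (this is not ProFTPD or Debian code; the function name, buffer sizes and sample input are assumptions), the following C example formats a log line from client-supplied strings using a constant format string, a pathname length limit and a truncation check:

```c
#include <stdio.h>
#include <string.h>

#define XFER_LINE_MAX 256   /* assumed size of the log line buffer */
#define PATH_LIMIT    200   /* assumed policy limit for client pathnames */

/* Hypothetical helper, not ProFTPD code. Formats one transfer-log line
 * from client-supplied strings. Returns 0 on success, -1 if the input is
 * rejected or the line would not fit in the buffer. */
int format_xfer_line(char *out, size_t outsz,
                     const char *user, const char *path, long bytes)
{
    int n;

    if (out == NULL || outsz == 0 || user == NULL || path == NULL)
        return -1;

    /* Reject overlong pathnames up front instead of relying on truncation. */
    if (strlen(path) > PATH_LIMIT)
        return -1;

    /* Client data is passed only as arguments to a constant format string.
     * Unsafe patterns this replaces: snprintf(out, outsz, path), where the
     * client controls the format, and sprintf(out, ...), which has no bound. */
    n = snprintf(out, outsz, "%s %ld %s", user, bytes, path);

    /* snprintf returns the length it wanted to write; a value >= outsz
     * means the output was truncated, and a negative value is an error. */
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char line[XFER_LINE_MAX];

    /* Constructed sample input: format specifiers in the path stay data. */
    if (format_xfer_line(line, sizeof line, "alice", "/pub/%s%s.txt", 42L) == 0)
        puts(line);
    return 0;
}
```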
In addition to the security fixes, a couple of Y2K problems were also fixed.
See the SUSE Security announcement (1999 Sep 0052) and the BugTraq list (1999 Sep 0337) for additional information.
We have made a new package with version 1.2.0pre9-4 to address these issues, and we recommend that you upgrade your proftpd package immediately.
- Fixed in: