Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 01 Nov 2010 21:34:24 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: Proftpd pre-authentication buffer overflow in Telnet code

I haven't seen a CVE/patch/discussion for this issue yet:

| 1.3.3c
| ---------
| 
|   + Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)

<http://proftpd.org/docs/RELEASE_NOTES-1.3.3c>

This:

|  + Fixed directory traversal bug in mod_site_misc

is <http://bugs.proftpd.org/show_bug.cgi?id=3519> and also seems to
lack a CVE assignment.

I don't know yet if the following is a security fix:

|  + Fixed SQLite authentications using "SQLAuthType Backend"

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ