Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 14 Jan 2011 16:07:40 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: proftpd before 1.3.3d

I could have swore this flaw got an ID, but I can't find it.

Use CVE-2010-4652

Thanks.

-- 
    JB

----- Original Message -----
> See:
> http://www.securityfocus.com/bid/44933
> http://phrack.org/issues.html?issue=67&id=7#article
> http://bugs.gentoo.org/show_bug.cgi?id=348998
> 
> Quote from securityfocus:
> "ProFTPD is prone to a remote heap-based buffer-overflow
> vulnerability.
> 
> Attackers can exploit this vulnerability to execute arbitrary code
> with
> SYSTEM-level privileges. Failed exploit attempts will result in a
> denial-of-service condition."
> 
> Please assign CVE (a 2010 / last year one).
> 
> --
> Hanno Böck mail/jabber: hanno@...eck.de
> GPG: BBB51E42 http://www.hboeck.de/

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.