In association with heise online

10 November 2011, 16:40

Critical bug in ProFTPD closed

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

ProFTPD logo The ProFTPD Project developers have released versions 1.3.3g and 1.3.4 of their open source FTP server. ProFTPD 1.3.4 addresses a critical use-after-free memory corruption error in the response API code.

According to Tipping Point's Zero Day Initiative (ZDI), the vulnerability could be exploited by a remote attacker to compromise a victim's system. For users running the 1.3.3x branch, ProFTPD 1.3.3g eliminates the security problem and also fixes several other bugs.

Further details about the releases, including a list of changes, can be found in the 1.3.3g and 1.3.4 release notes. Versions 1.3.3g and 1.3.4 of ProFTPD are available to download from the project's mirrors and are licensed under the GPL.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1377080
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit