In association with heise online

20 December 2010, 16:37

Phrack hole closed in ProFTPD

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

ProFTPD Logo The development team behind ProFTPD has released version 1.3.3d, which closes a critical security hole in the SQL module of all previous versions. The flaw was reported roughly a month ago in Phrack, the hacker magazine. A buffer overflow in the function sql_prepare_where() allows attackers to remotely execute arbitrary code on the server. The developers themselves suffered when this vulnerability was exploited by still unknown parties, who entered the project server and installed a back door in the source code.

The new version also fixes a number of additional bugs; as a result, the GPL-licensed server is reportedly now more stable. At the same time, the developers have also published the first release candidate for version 1.3.4.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit