In association with heise online

20 December 2010, 16:37

Phrack hole closed in ProFTPD

The development team behind ProFTPD has released version 1.3.3d, which closes a critical security hole in the SQL module of all previous versions. The flaw was reported roughly a month ago in Phrack, the hacker magazine. A buffer overflow in the function sql_prepare_where() allows attackers to remotely execute arbitrary code on the server. The developers themselves suffered when this vulnerability was exploited by as-yet-unknown parties, who broke into the project server and installed a back door in the source code.

The new version also fixes a number of additional bugs; as a result, the GPL-licensed server is reportedly now more stable. At the same time, the developers have also published the first release candidate for version 1.3.4.

(crve)

Permalink: http://h-online.com/-1156782
 

