Re: [security-alerts] FW: [SA22803] ProFTPD Unspecified Vulnerability

[Dmitry Alyabyev <dimitry@xxxxxxxxx>]

жуть !
особенно радует workaround "Restrict access to the service" :(

-- 
Dimitry

Папа братьев Кличко очень хотел, чтобы его сыновья стали боксерами, поэтому, 
когда те были маленькими, дарил им на день рождения одну игрушку на двоих


On Friday 10 November 2006 12:09, Kazennov, Vladimir wrote:
> Они только умолчали о том, что в продаваемом Легеровым пакете эксплойтов
> есть 0-day эксплойт для ProFTPD
>
> > ----------------------------------------------------------------------
> >
> > TITLE:
> > ProFTPD Unspecified Vulnerability
> >
> > SECUNIA ADVISORY ID:
> > SA22803
> >
> > VERIFY ADVISORY:
> > http://secunia.com/advisories/22803/
> >
> > CRITICAL:
> > Moderately critical
> >
> > IMPACT:
> > System access
> >
> > WHERE:
> > From remote
> >
> > SOFTWARE:
> > ProFTPD 1.3.x
> > http://secunia.com/product/5430/
> >
> > DESCRIPTION:
> > Evgeny Legerov has reported a vulnerability in ProFTPD, which
> > potentially can be exploited by malicious people to compromise a
> > vulnerable system.
> >
> > The vulnerability is caused due to an unspecified error.
> >
> > Successful exploitation may allow execution of arbitrary code.
> >
> > The vulnerability is reported in version 1.3.0. Other versions may
> > also be affected.
> >
> > SOLUTION:
> > Restrict access to the service.
> >
> > PROVIDED AND/OR DISCOVERED BY:
> > Evgeny Legerov, GLEG Ltd.