aru Posted April 30, 2004 Report Share Posted April 30, 2004 MandrakeSoft Security Advisory MDKSA-2004:041 : proftpd April 30th, 2004 Updated ProFTPD packages fix vulnerability A portability workaround that was applied in version 1.2.9 of the ProFTPD FTP server caused CIDR based ACL entries in "Allow" and "Deny" directives to act like an "AllowAll" directive. This granted FTP clients access to files and directories that the server configuration may have been explicitly denying. This problem only exists in version 1.2.9 and has been fixed upstream. A patch has been applied to correct the problem. The released versions of Mandrake GNU/Linux affected are: 10.0Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:041 Other references: http://bugs.proftpd.org/show_bug.cgi?id=2267 Posted automatically by aru (mdksec2mub v0.0.8) Link to comment Share on other sites More sharing options...
Recommended Posts