Re: ProFTPD Root Exploit...

Subject: Re: ProFTPD Root Exploit...
From: Rich Lafferty (rich@alcor.concordia.ca)
Date: Mon Aug 30 1999 - 13:36:28 MDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: something: "Java Support -"
Previous message: Dick Benster: "Re: How eliminate video artifacts while drawing?"
In reply to: Darron Froese: "ProFTPD Root Exploit..."
Reply: Rich Lafferty: "Re: ProFTPD Root Exploit..."

Quoting Darron Froese (darron@fudgehead.com) from Sun, Aug 29, 1999 at 07:44:12PM -0600:
> There's a lovely remote root exploit available for ProFTPD.
>
> Question to all: How come, I can patch the source for proftpd on my intel
> linux box and it works just fine while getting the tarball (from
> www.proftpd.org) or SRPMS from ftp.yellowdoglinux.com, rebuilding and
> patching doesn't work on ydl-1.0 - it just doesn't want to let me log in -
> it's probably pam related but I just don't know where...
>
> If no-one knows, is there an updated rpm?
>
> Here's the patch in case you're interested:

I rebuilt proftpd from pristine sources (not Yellow Dog's srpms) this
morning after receiving news of the exploit. The patch applied cleanly,
and the build went fine.

You might try grabbing the current proftpd from {www,ftp}.proftpd.org
and building that, although I hear an updated RPM will be available
Any Minute Now.

-r.

-- 
------------------------------ Rich Lafferty ---------------------------
 Sysadmin/Programmer, Information and Instructional Technology Services
   Concordia University, Montreal, QC                 (514) 848-7625
------------------------- rich@alcor.concordia.ca ----------------------

Next message: something: "Java Support -"
Previous message: Dick Benster: "Re: How eliminate video artifacts while drawing?"
In reply to: Darron Froese: "ProFTPD Root Exploit..."
Reply: Rich Lafferty: "Re: ProFTPD Root Exploit..."

This archive was generated by hypermail 2a24 : Sun Sep 05 1999 - 13:46:33 MDT