ProFTPD 1.3.3c Release

News

ProFTPD 1.3.3c Release

EcusE 2010. 12. 2. 00:03

1.3.3 이전 버전의 해당 취약점 요약

Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.


1.3.3c 변경점
-------------

  + Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
  + Fixed directory traversal bug in mod_site_misc
  + Fixed SQLite authentications using "SQLAuthType Backend"






관련 링크 :
http://proftpd.org/docs/RELEASE_NOTES-1.3.3c
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3867