Date: Thu, 8 Feb 2001 19:41:09 -0200
Subject: [CLA-2001:380] Conectiva Linux Security Announcement -
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : proftpd
SUMMARY : Denial of Service
DATE : 2001-02-08 19:17:00
ID : CLA-2001:380
RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1, 6.0
"proftpd" is a very popular ftp server. Wojciech Purczynski
reported two memory leak problems that could be used in a DoS
1) A memoy leak will happen everytime a SIZE command is given,
provided that the scoreboard file is not writable. The default
installation is *not* vulnerable to this problem;
2) A similar problem existed with the USER command. Every USER
command would cause the server to use more memory.
Additionally, Przemyslaw Frasunek reported some format string
vulnerabilities which have been fixed.
It is recommended that all ProFTPd users upgrade to the latest
Users of Conectiva Linux version 6.0 or higher may use apt to
- add the following line to /etc/apt/sources.list if it is not
there yet (you may also use linuxconf to do this):
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.