Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Debian Security Advisory - proftpd

Debian Security Advisory - proftpd

by phiber on March 7th, 2001 The following problems have been reported for the version of proftpd in Debian 2.2 (potato):

1. There is a configuration error in the postinst script, when the user enters 'yes', when asked if anonymous access should be enabled. The postinst script wrongly leaves the 'run as uid/gid root' configuration option in /etc/proftpd.conf, and adds a 'run as uid/gid nobody' option that has no effect.

2. There is a bug that comes up when /var is a symlink, and proftpd is restarted. When stopping proftpd, the /var symlink is removed; when it's started again a file named /var is created.



The above problems have been corrected in proftpd-1.2.0pre10-2.0potato1.

We recommend you upgrade your proftpd package immediately.



wget url

will fetch the file for you

dpkg -i file.deb

will install the referenced file.



You may use an automated update by adding the resources from the
footer to the proper configuration.





Download this advisory

Visit Debian Security


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »