Summary: CVE-2006-5815: proftpd unspecified vulnerability

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820

------- Additional Comments From lkundrak@xxxxxxxxxx 2006-11-28 05:28 EST -------

Okay, just to summarize what was discovered by Evgeny Legerov, disclosed and now fixed:

There are two issues:

sreplace() stack overflow, which is the vd_proftpd.pm VulnDisco metasploit exploit -- http://www.gleg.net/proftpd.txt. This is fixed in 1.3.0a.

mod_tls pre-auth buffer overflow. This is in VulnDisco since January 2006 and is not yet fixed in 1.3.0a.

So I disagree with Jan's comment #15, updating to 1.3.0a is _not_ sufficient. It is also needed to patch for the mod_tls issue, because the mod_tls.c module is included in the Fedora package by default. Attachment #141353 should fix that.

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list