More information :
ProFTPD grew out of the desire to have a secure and configurable FTP server,
and out of a significant admiration of the Apache web server.
There are currently a very limited number of FTP servers running on Unix (or Unix-like) hosts.
A vulnerability exists in the ProFTPD server that can be triggered by
remote attackers when transferring files from the FTP server in ASCII mode.
The attacker must have the ability to upload a file to the server,
and then attempt to download the same file to trigger the vulnerability.
Impact :
This vulnerability may allow a remote attacker to execute arbitrary code.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
Solution :
Please use turbopkg(zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
# zabom update proftpd
---------------------------------------------
Notice :
After performing the update, it is necessary to restart the proftpd daemon.
To do this, run the following command as user root.
---------------------------------------------
# /etc/init.d/proftpd restart
or
# /etc/rc.d/init.d/proftpd restart
---------------------------------------------
