Network Security Audits / Vulnerability Assessments by SecuritySpace

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-95
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 03 Oct 2005
Last revised: 03 Oct 2005

Package: proftpd

Summary: Buffer overflow

More information:
    ProFTPD grew out of the desire to have a secure and configurable FTP server,
    and out of a significant admiration of the Apache web server.
    The buffer overflow vulnerability exists in proftpd.

Impact:
    A local user could exploit this vulnerability to gain privileges.

Affected Products:
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

Solution:
    Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server]
# turbopkg
or
# zabom -u proftpd

[other]
# turbopkg
or
# zabom update proftpd
---------------------------------------------

<Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   proftpd-1.2.10-3.src.rpm
       967733 20f0b90d6e245bdd8de87f36d51a190e

   Binary Packages
   Size: MD5

   proftpd-1.2.10-3.i586.rpm
       569147 ad827bb72a322193985f03ed697b1320

<Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/proftpd-1.2.10-3.src.rpm
       967733 d042354bf261072f06df590a7012e7cd

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/proftpd-1.2.10-3.i586.rpm
       570086 31411822137ecfaf4d20e9d52ce7ef2e

<Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/proftpd-1.2.10-3.src.rpm
       967733 0f21e6036bfe96b6a39d30a7895b8081

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/proftpd-1.2.10-3.i586.rpm
       570606 4f6599e3d6f83c008ae03371c230851e

<Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/proftpd-1.2.10-3.src.rpm
       967733 1b80fe6056fed13a1ae1ae63cf5abc47

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/proftpd-1.2.10-3.i586.rpm
       562044 ce64bdd1eef303608caebf26cc75fcd5

<Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/proftpd-1.2.10-3.src.rpm
       967733 91e67be9d10e9256d92d8390f6453c6e

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/proftpd-1.2.10-3.i586.rpm
       561844 9af9b08f5fdd48db04c69f0bbd1acfd9

References:

CVE
   [CAN-2004-0346]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0346

--------------------------------------------------------------------------
Revision History
    03 Oct 2005 Initial release
--------------------------------------------------------------------------

Copyright(C) 2005 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDQOzBK0LzjOqIJMwRAoq2AJ9lwD7SDJ5vOVLfX82PyKAqQZcXbwCeMbPm
ZzYEF8Ae7BA1BVsBIRYWb8U=
=Kipn
-----END PGP SIGNATURE-----