[Kroupware] ProFTPD vulnerability

Martin Konold martin.konold at erfrakon.de
Wed Sep 24 13:35:34 CEST 2003


Hi,

yesterday it came to our attention that ProFTPD has a remote exloitable 
vulnerabilty.

According to http://xforce.iss.net/xforce/alerts/id/154 a successful exploit 
needs uploading and downloading permissions on the server.

The standard Kolab setup does not allow for downloading from ProFTPD.

Erfrakon will nevertheless provide an update of the proftp source package 
asap, basically because some users might use the kolab provided proftpd for 
other purposes than just support for legacy Kolab client platforms (Win NT4)

Regards,
-- martin

Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold at erfrakon.de


More information about the Kroupware mailing list