[Secure-testing-team] Re: proftpd, low impact DoS bug
John Morrissey
jwm at proftpd.org
Wed Nov 29 16:04:53 CET 2006
On Wed, Nov 29, 2006 at 09:53:10AM +0100, Francesco P. Lovergine wrote:
> The last new issue is due to memcpy() in mod_tls which is enabled by
> default in 1.2.10+ (but used only for ftps connections). At this time
> there is not an official patch (even if it's trivial at least pre-checking
> datalen in the code).
TJ addressed this last night:
http://bugs.proftpd.org/show_bug.cgi?id=2860
john
--
John Morrissey _o /\ ---- __o
jwm at proftpd.org _-< \_ / \ ---- < \,
www.proftpd.org/ __(_)/_(_)________/ \_______(_) /_(_)__
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20061129/b77ced1a/attachment.pgp
More information about the Secure-testing-team
mailing list