ProFTPD advisory et quelques informations utiles (comment sécuriser). From: MacGyver <[EMAIL PROTECTED]> Newsgroups: alphanet.ml.security.bug-traq Subject: Re: ProFTPD Advisory Date: 6 Jul 2000 21:02:05 +0200 Message-ID: <[EMAIL PROTECTED]> A couple of things: That advisory was actually sent out by mistake. These issues were known, and are addressed in the latest CVS version of ProFTPD. They are relatively minor, in general, and if you're using sound security policies in the first place (including following some of the advice given on the web site (http://www.proftpd.net/security.html), any potential problems are already non-issues. There was a miscommunication between myself, Aleph 1 (Maintainer of BugTraq), and Lamagra, and so the advisory was mistakenly posted already. I had asked Lamagra to hold off until this weekend (which he graciously agreed to do), since I had planned to release 1.2.0 later this week. That said, they are issues, and they need to be addressed, regardless of how remote the possibility of an exploit is. For those extremely concerned, feel free to grab the latest CVS version of ProFTPD, which addresses these issues. I hope this clarification helps, and as I said, ProFTPD 1.2.0 will be released later this week, and contains this, and many other fixes/enhancements. Then, I can get on rewriting a few core pieces of ProFTPD to focus more heavily on performance enhancements, flexibility, and FTP security extensions. -- Pour poster une annonce: [EMAIL PROTECTED]
