===
Summary
===
On 6 November 2006, Evgeny Legerov [EMAIL PROTECTED] posted to BUGTRAQ[1],
announcing his commercial VulnDisco Pack for Metasploit 2.7[2]. One of the
included exploits, vd_proftpd.pm, takes advantage of an off-by-one string
manipulation flaw in ProFTPD's sreplace()
xed. No other format string
vulnerabilites were found.
More information, including patches, can be found at
http://bugs.proftpd.net/show_bug.cgi?id=430
--
John Morrissey _o/\ __o
[EMAIL PROTECTED]_- \_ / \ \,
www.horde.net/__(_)/_(_)/\___(_) /_(_)__