PDA

View Full Version : ProFTPD potential security hole


domino
18th August 2005, 12:01
I have had this message lurking on top of my WHM Panel. Maybe some my take hed to the warning since most of us do use it :)

Security At this time, it is recommended that all customers using proftpd Switch to pure-ftpd as soon as possible to eliminate a potential security hole. Please note that all released versions of proftpd are belived to be affected and the exact problem is not yet known. Customers who experience the problems switching are welcomed to bypass the normal support procedure and submit a ticket directly at cpanel.net.

Severity: High

till
18th August 2005, 12:14
I have had this message lurking on top of my WHM Panel. Maybe some my take hed to the warning since most of us do use it :)

Hello,

as far as i know is this security hole related only to SQL-based installs. ISPConfig does not use the SQL functions in proftpd. But maybe anyone else knows if also non-sql setups are affected.

Till

till
18th August 2005, 12:52
Maybe a switch to pureftpd as option makes sense for the next versions because proftpd has a long history of bugs :(

domino
19th August 2005, 03:25
Maybe a switch to pureftpd as option makes sense for the next versions because proftpd has a long history of bugs :(
YES PLEASE!! And as far as I know, It's faster with login and handshakes. Plus it uses less memory than proftpd. That would be great! How about just add it as a plug-in as you did with phpMyAdmin, and Webmail? Is that feasable?

Edit: PS. Even better glftpd? :D I would love to run scripts on my ftp client without having to log into shell :cool: Adn there are so many other things you can do with glftpd :D