Title: ProFTPD: Local privilege escalation Date: February 13, 2007

Discussion in 'General' started by Norman, Feb 14, 2007.

  1. Norman

    Norman Member HowtoForge Supporter

    Careful people. Appearently there's a new proftpd root exploit 0-day.
    I dont know if the "perfect" setups from Howtoforge are vurnurable, hopefully wont be if they're run in jail environment. However, I'd be a little bit careful the next following days.
  2. martinfst

    martinfst ISPConfig Developer ISPConfig Developer

    Can you supply a link to where this exploit is mentioned? My Google search returned:
    This is only applicable for ISPConfig users who have modified the default install. Also this is a rather "old" security notice (Dec 13, 2006), so I'm not sure if you refer to this exploit.
  3. Norman

    Norman Member HowtoForge Supporter

    It's a bellua.com security consultant who notify me of this exploit. I dont have the actual source to this exploit, but I'd just be a bit careful the coming days until they've issued a patch to this issue.
  4. edge

    edge Active Member Moderator

    Thanks for the info.. Will keep an eye on my ProFTP (runing in user jailed mode)
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    As far as I nkow, the controls feature is not activated in any of the perfect setup guides. But every administrator should install all available updates and patches from his linux distribution regularily.

Share This Page