vulnerable to CVE-2007-2165
Bug #132161 reported by
fago
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
proftpd (Debian) |
Fix Released
|
Unknown
|
|||
proftpd (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
Edgy |
Won't Fix
|
Undecided
|
Unassigned | ||
Feisty |
Invalid
|
Undecided
|
Unassigned | ||
Gutsy |
Invalid
|
Undecided
|
Unassigned | ||
proftpd-dfsg (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Invalid
|
Undecided
|
Unassigned | ||
Edgy |
Invalid
|
Undecided
|
Unassigned | ||
Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
Gutsy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: proftpd
http://
I was able to reproduce the problem with feisty's proftpd package.
This problem may even lead to remote code injection:
http://
Which is already used by attackers:
(sry, german) http://
CVE References
Changed in proftpd: | |
status: | Unknown → Fix Released |
To post a comment you must log in.
Changing to confirmed since this is reported in debian and upstream.