Re: ProFTPD Root Exploit...

Subject: Re: ProFTPD Root Exploit...
From: Rich Lafferty (
Date: Mon Aug 30 1999 - 13:36:28 MDT

Quoting Darron Froese ( from Sun, Aug 29, 1999 at 07:44:12PM -0600:
> There's a lovely remote root exploit available for ProFTPD.
> Question to all: How come, I can patch the source for proftpd on my intel
> linux box and it works just fine while getting the tarball (from
> or SRPMS from, rebuilding and
> patching doesn't work on ydl-1.0 - it just doesn't want to let me log in -
> it's probably pam related but I just don't know where...
> If no-one knows, is there an updated rpm?
> Here's the patch in case you're interested:

I rebuilt proftpd from pristine sources (not Yellow Dog's srpms) this
morning after receiving news of the exploit. The patch applied cleanly,
and the build went fine.

You might try grabbing the current proftpd from {www,ftp}
and building that, although I hear an updated RPM will be available
Any Minute Now.


------------------------------ Rich Lafferty ---------------------------
 Sysadmin/Programmer, Information and Instructional Technology Services
   Concordia University, Montreal, QC                 (514) 848-7625
------------------------- ----------------------

This archive was generated by hypermail 2a24 : Sun Sep 05 1999 - 13:46:33 MDT