[29/Oct/2010]
The ProFTPD Project team has released 1.3.3c to the community.
This is an important security release, containing fixes for a Telnet IAC handling vulnerability and a directory traversal vulnerability in the mod_site_misc module.
The RELEASE_NOTES and NEWS files contain the full details.
1.3.3c
---------
+ Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
+ Fixed directory traversal bug in mod_site_misc
+ Fixed SQLite authentications using "SQLAuthType Backend"
1.3.3c - Released 29-Oct-2010
--------------------------------
- Bug 3511 - SQLAuthType Backend not properly rejected by mod_sql_sqlite.
- Bug 3513 - EPERM error logged unnecessarily for SFTP logins on Linux.
- Bug 3517 - mod_quotatab decrements file tally improperly for failed DELE
commands.
- Bug 3518 - Support SiteMiscEngine directive, for disabling mod_site_misc
functionality via proftpd.conf.
- Bug 3519 - Inappropriate directory traversal allowed by mod_site_misc.
- Bug 3521 - Telnet IAC processing stack overflow.
http://www.proftpd.org/download.html
The ProFTPD Project team has released 1.3.3c to the community.
This is an important security release, containing fixes for a Telnet IAC handling vulnerability and a directory traversal vulnerability in the mod_site_misc module.
The RELEASE_NOTES and NEWS files contain the full details.
1.3.3c
---------
+ Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
+ Fixed directory traversal bug in mod_site_misc
+ Fixed SQLite authentications using "SQLAuthType Backend"
1.3.3c - Released 29-Oct-2010
--------------------------------
- Bug 3511 - SQLAuthType Backend not properly rejected by mod_sql_sqlite.
- Bug 3513 - EPERM error logged unnecessarily for SFTP logins on Linux.
- Bug 3517 - mod_quotatab decrements file tally improperly for failed DELE
commands.
- Bug 3518 - Support SiteMiscEngine directive, for disabling mod_site_misc
functionality via proftpd.conf.
- Bug 3519 - Inappropriate directory traversal allowed by mod_site_misc.
- Bug 3521 - Telnet IAC processing stack overflow.
http://www.proftpd.org/download.html