pure-ftp Version 1.0.52 released (older versions vulnerable)

Hostmavi

pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out-of-bounds read in the domlsd() function of the ls.c file.

The vulnerability is CVE-2024-48208.
 
Yep, 1.052 is released to fix this, so hopefully DA will update soon too.

You might want to adjust your title because now it looks like 1.052 is vulnerable. Maybe change to (older are vulnerable) or something.
 
Thanks. The pure-ftpd service install script is not yet updated to pull sources and versions from upstream. In the meantime we have added the latest version to our mirrors. This means bumping the pureftpd version in CustomBuild is enough to get the latest release.

In DA 1.670 we will release a CB upgrade to start using upstream (not our mirrors) to download the latest version.
 
Hi Richard,
the title pure-ftp Version 1.0.52 released (vulnerable)
I should tell why the Version 1.0.52 released.
But I adjusted it.
 
Is it possible to update Pure-FTP (1.0.52) on older versions of DirectAdmin as well, especially for those still using CentOS/CloudLinux 7?
 