Security alert! (ProFTPD)

[smtalk]

Hello,

Everyone who is using ProFTPD <=1.3.0 may want to upgrade it to 1.3.1rc2 because of vulnerabilities. List of vulnerabilities for ProFTPD <=1.3.0:

• http://secunia.com/advisories/23141/
• http://secunia.com/advisories/22821/
• http://secunia.com/advisories/23371/
• http://secunia.com/advisories/22803/
• http://secunia.com/advisories/16181/ (<1.3.0rc2)

Instructions to upgrade:

cd /usr/local/directadmin/customapache/
wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1rc2.tar.gz
tar xzf proftpd-1.3.1rc2.tar.gz
rm -rf proftpd-1.3.1rc2.tar.gz
cd proftpd-1.3.1rc2
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run --with-modules=mod_ratio:mod_readme:mod_tls LDFLAGS=-static 
make
make install
perl -pi -e "s/^AuthPAM on/#AuthPAM on/g" /etc/proftpd.conf 
/etc/rc.d/init.d/proftpd restart

 

[layer0]

Thanks for the notification.

 

[labrocca]

This is not working for me on 6.2 freebsd. I get all types of errors during the make.

cd src/ && make src
gcc -DHAVE_CONFIG_H -DFREEBSD6_2 -DFREEBSD6 -I.. -I../include -O2 -Wall -c main.c
In file included from main.c:42:
/usr/include/libutil.h:118: error: conflicting types for 'pidfile_write'
../include/pidfile.h:34: error: previous declaration of 'pidfile_write' was here
/usr/include/libutil.h:118: error: conflicting types for 'pidfile_write'
../include/pidfile.h:34: error: previous declaration of 'pidfile_write' was here
/usr/include/libutil.h:120: error: conflicting types for 'pidfile_remove'
../include/pidfile.h:33: error: previous declaration of 'pidfile_remove' was here
/usr/include/libutil.h:120: error: conflicting types for 'pidfile_remove'
../include/pidfile.h:33: error: previous declaration of 'pidfile_remove' was here
main.c: In function `session_exit':
main.c:264: error: too few arguments to function `pidfile_remove'
main.c: In function `finish_terminate':
main.c:1763: error: too few arguments to function `pidfile_remove'
main.c: In function `standalone_main':
main.c:2264: error: too few arguments to function `pidfile_write'
*** Error code 1

Stop in /usr/local/directadmin/customapache/proftpd-1.3.1rc2/src.
*** Error code 1

Any recommendations?

EDIT: Well I installed a previos version 1.3.1rc1

ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1rc1.tar.gz

However after the make install it didn't actually move the proftpd binary so I manually moved it. You have to turn of proftpd before you do this then simply cp the new proftpd to /usr/local/sbin/

This is freebsd so make sure you know where your binary is for proftpd. Start proftpd and telnet to confirm new version is working.

 

[nzyme]

worked ok on Sarge

 

[smtalk]

ProFTPD from now is included into new customapache build script ( http://files.directadmin.com/services/customapache/beta ).

 

[nobaloney]

Martynas,

Does updating to the latest version of ProFTPd require the latest version be uploaded by DA staff to their files repository (along with any changes they require, for example, to the configuration), or does the beta cutomapache script get the latest files automatically from the ProFTPd download site?

Jeff

 

[smtalk]

It's uploaded into DirectAdmin servers, so the beta customapache script gets data from there and not from the official ProFTPd download site. You can safely update it with the new customapache script.

 

[nobaloney]

Thanks, Martynas.

Is there anything required on our servers that the new customapache beta doesn't update ?

In spite of the smiley, I'm serious. We use yum, and we've always used the standard customapache update script, but there were still a lot of things to update manually. Are these all managed now in the beta script?

Thanks.

Jeff

 

[smtalk]

Just all versions of PHP and Apache were added. ProFTPD and suPHP as well. Nothing more We are planning to add exim to it, but we're just thinking and discussing about it with John. Maybe there are any other suggestions to it?

 

[rldev]

This did not work for me. I got an error on make install.

 

[layer0]

This did not work for me. I got an error on make install.

What error? I may have a fix.

 

[rldev]

modules/module_glue.o(.data+0x24): undefined reference to `auth_pam_module'
collect2: ld returned 1 exit status
make: *** [proftpd] Error 1

 

[layer0]

modules/module_glue.o(.data+0x24): undefined reference to `auth_pam_module'
collect2: ld returned 1 exit status
make: *** [proftpd] Error 1

try

cd /usr/local/directadmin/customapache/
wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1rc2.tar.gz
tar xzf proftpd-1.3.1rc2.tar.gz
rm -rf proftpd-1.3.1rc2.tar.gz
cd proftpd-1.3.1rc2
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run --with-modules=mod_ratio:mod_readme:mod_tls
make
make install
perl -pi -e "s/^AuthPAM on/#AuthPAM on/g" /etc/proftpd.conf 
/etc/rc.d/init.d/proftpd restart

 

[rldev]

Worked like a charm on 2 servers(RHE3 and Centos 4.4). Thank you.

 

[hci]

Do they have a rpm for CentOS4 or EL4 yet?

I don't see one.
http://files.directadmin.com/services/es_4.0/

I would rather use an rpm.

Matt

 

[DhoTjai]

I'm getting this on /etc/init.d/proftpd start :

Starting proftpd: - mod_tls/2.1.2: compiled using OpenSSL version 'OpenSSL 0.9.7k 05 Sep 2006' headers, but linked to OpenSSL version 'OpenSSL 0.9.7a Feb 19 2003' library
- Fatal: unable to load module 'mod_tls.c': Operation not permitted
[FAILED]


How can I fix this?

 

[blackmetal]

try

cd /usr/local/directadmin/customapache/
wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1rc2.tar.gz
tar xzf proftpd-1.3.1rc2.tar.gz
rm -rf proftpd-1.3.1rc2.tar.gz
cd proftpd-1.3.1rc2
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run --with-modules=mod_ratio:mod_readme:mod_tls
make
make install
perl -pi -e "s/^AuthPAM on/#AuthPAM on/g" /etc/proftpd.conf 
/etc/rc.d/init.d/proftpd restart

Hello,
when i run first command on my server my server have the same problem with rldev but when i run the above command it's run successful!
i post it for thank you layer0 and other who use directadmin and supporter team.
special thanx
bye

 

[Randy]

Updated to proftpd-1.3.1rc3 on 3 CentOS5/32 boxes. All went fine.

 

[.::Gsmdenis::.]

try

cd /usr/local/directadmin/customapache/
wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1rc2.tar.gz
tar xzf proftpd-1.3.1rc2.tar.gz
rm -rf proftpd-1.3.1rc2.tar.gz
cd proftpd-1.3.1rc2
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run --with-modules=mod_ratio:mod_readme:mod_tls
make
make install
perl -pi -e "s/^AuthPAM on/#AuthPAM on/g" /etc/proftpd.conf 
/etc/rc.d/init.d/proftpd restart

yes install successful , but after that i can not use software connect to server , show me :

[2007/11/23 13:43:25] 530 Login incorrect.
ERROR:> [2007/11/23 13:43:25] Not logged in.
ERROR:> [2007/11/23 13:43:25] Can't login. Disconnecting...

 

[.::Gsmdenis::.]

finaly fixed !thanks