Home > Security > Advisories


Mandriva Advisories

Package name proftpd
Date February 8th, 2001
Advisory ID MDKSA-2001:021
Affected versions 7.2
Synopsis Updated proftpd packages fix memory leaks and string format vulnerabilities

Problem Description

The ProFTPD FTP server has problems with memory leaking that could be
used in a DoS attack, as reported by Wojciech Purczynski. A memory
leak will happen every time a SIZE command was given provided that the
scoreboard file is not writable, which is not the case in a default
Linux-Mandrake installation. A similar problem also existed with
the USER command where every time it was given the server would use
more memory. Additionally, some format string vulnerabilities were
reported by Przemyslaw Frasunek which have also been fixed.

Updated Packages

Mandrakelinux 7.2

 a2e330bd49855d74bfbb2f1e80c3e312  7.2/RPMS/proftpd-1.2.0rc3-1.1mdk.i586.rpm
3ec2a5ee6b834e1193de5e3b738eaa53  7.2/SRPMS/proftpd-1.2.0rc3-1.1mdk.src.rpm


To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.