[Frugalware-git] homepage-ng: FSA545-proftpd

Miklos Vajna vmiklos at frugalware.org
Wed Oct 22 16:16:33 CEST 2008

Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=a019a81066a82cc6894a40b220e2839a0cac76f6

commit a019a81066a82cc6894a40b220e2839a0cac76f6
Author: Miklos Vajna <vmiklos at frugalware.org>
Date:   Wed Oct 22 16:16:30 2008 +0200


diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 7380cdd..90ec54b 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,18 @@

+		<id>545</id>
+		<date>2008-10-22</date>
+		<author>Miklos Vajna</author>
+		<package>proftpd</package>
+		<vulnerable>1.3.1-4</vulnerable>
+		<unaffected>1.3.1-5solaria1</unaffected>
+		<bts>http://bugs.frugalware.org/task/3370</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4242</cve>
+		<desc>A vulnerability has been reported in ProFTPD, which can be exploited by malicious people to conduct cross-site request forgery attacks.
+		The vulnerability is caused due to the application truncating an overly long FTP command, and improperly interpreting the remainder string as a new FTP command. This can be exploited to execute arbitrary FTP commands with the privileges of another user by e.g. tricking the user into following a malicious link.</desc>
+	</fsa>
+	<fsa>
<author>Miklos Vajna</author>

More information about the Frugalware-git mailing list