ProFTPd Update: Virtualmin/Ubuntu

#1 Thu, 12/16/2010 - 12:39
Wutar

Hello,

I'm running Virtualmin 3.82.gpl on Ubuntu Server 10.04.1 with proftpd-basic 1.3.2c-1ubuntu0.1, and I'm just wondering if this version is secure or if it still contains the security hole in the pr_netio_telnet_gets() function. Judging by a log entry from the lucid-security team and the fact that I don't have any available updates, I would say (or better, hope) it is secure, but I'm a bit concerned that it isn't...

Thanks for any info!

Thu, 12/16/2010 - 12:53
andreychek

Howdy,

If you have concerns about security issues like that, you can always browse to packages.ubuntu.com, look up the package in question, then check out the "Ubuntu Changelog" link on the right. The changelog would mention whether or not a security update was applied.

For example, the following is the changelog for proftpd in Lucid:

http://changelogs.ubuntu.com/changelogs/pool/universe/p/proftpd-dfsg/pro...

You can see at the top there where it describes the recent patches applied for that particular vulnerability.

So, if you're running the latest updates from Ubuntu, you should be in good shape :-)

-Eric
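
The changelog check described in the reply above can also be scripted against a Debian-format changelog file. This is an added example, not part of the original thread; the function names, the `examplepkg` package, its versions and the sample changelog text are constructed for illustration.

```shell
#!/bin/sh
# changelog_mentions FILE PATTERN
# Print the version of every changelog stanza whose body contains PATTERN
# (fixed-string match, so "pr_netio_telnet_gets()" needs no escaping).
changelog_mentions() {
    file=$1 pattern=$2
    case $file in
        *.gz) gzip -dc -- "$file" ;;   # installed changelogs are usually gzipped
        *)    cat -- "$file" ;;
    esac | awk -v pat="$pattern" '
        # Stanza header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \(/ {
            ver = $2; gsub(/[()]/, "", ver); seen = 0; next
        }
        # Trailer line " -- Maintainer <mail>  date" is not part of the body
        /^ -- / { next }
        # Report each matching stanza once
        index($0, pat) && !seen { print ver; seen = 1 }
    '
}

# Constructed sample input (not a real Ubuntu changelog).
write_sample_changelog() {
    cat > "$1" <<'EOF'
examplepkg (1.0-1ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: fix security hole in pr_netio_telnet_gets()

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000

examplepkg (1.0-1) unstable; urgency=low

  * New upstream release

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000
EOF
}

# Demo: list the stanzas that mention the function named in the question.
tmp=$(mktemp)
write_sample_changelog "$tmp"
changelog_mentions "$tmp" 'pr_netio_telnet_gets()'
rm -f "$tmp"
```

On a Debian or Ubuntu system the changelog of the installed package is typically found at `/usr/share/doc/<package>/changelog.Debian.gz`, so an empty result for that file means the installed version's changelog does not mention the fix.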

Thu, 12/16/2010 - 15:17
Wutar

Good to hear.

Thanks for the answer and the link!

Thu, 12/16/2010 - 18:39
helpmin

There is potentially another problem with proftpd (at least on CentOS). The log file xferlog in /var/log/ is wide open (644). You should check that on your system.
