Phrack hole closed in ProFTPD
The development team behind ProFTPD has released version 1.3.3d, which closes a critical security hole in the SQL module of all previous versions. The flaw was reported roughly a month ago in Phrack, the hacker magazine. A buffer overflow in the function sql_prepare_where() allows attackers to remotely execute arbitrary code on the server. The developers themselves suffered when this vulnerability was exploited by still unknown parties, who entered the project server and installed a back door in the source code.
The new version also fixes a number of additional bugs; as a result, the GPL-licensed server is reportedly now more stable. At the same time, the developers have also published the first release candidate for version 1.3.4.
(crve)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
