-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
AUSCERT External Security Bulletin Redistribution

                ESB-2001.102 -- Debian Security Advisory DSA-032-1
                proftpd running as root, /var symlink removal
                              7 March 2001
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:                proftpd
Vendor:                 Debian
Operating System:       Debian Linux
Impact:                 Increased Privileges
                        Overwrite Arbitrary Files

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-032-1                     security@debian.org
http://www.debian.org/security/                           Wichert Akkerman
March 7, 2001
- - ------------------------------------------------------------------------

Package        : proftpd
Vulnerability  : proftpd running as root, /var symlink removal
Debian-specific: yes

The following problems have been reported for the version of proftpd in
Debian 2.2 (potato):

1. There is a configuration error in the postinst script when the user
   answers 'yes' to the question whether anonymous access should be
   enabled. The postinst script wrongly leaves the 'run as uid/gid root'
   configuration option in /etc/proftpd.conf, and adds a 'run as uid/gid
   nobody' option that has no effect.

2. There is a bug that comes up when /var is a symlink and proftpd is
   restarted. When stopping proftpd, the /var symlink is removed; when it
   is started again, a file named /var is created.

The above problems have been corrected in proftpd-1.2.0pre10-2.0potato1.
We recommend you upgrade your proftpd package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

You may use an automated update by adding the resources from the
footer to the proper configuration.
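Before and after the upgrade, an administrator will want to confirm both conditions on a running host: whether /etc/proftpd.conf still carries the root run-as identity the postinst left behind, and whether /var is a symlink that the unfixed stop action would remove. The script below is an added example and is not part of DSA-032-1 or of the proftpd package. It assumes ProFTPD's usual layout, in which User/Group in server context set the uid/gid the daemon runs as while User/Group inside an <Anonymous> block name the anonymous account; the two sample configs it writes are constructed for the example, not copied from the package.

```shell
#!/bin/sh
# Added example, not part of DSA-032-1 or of the proftpd package: audit
# /etc/proftpd.conf for the "run as root" state the advisory describes, and
# guard the restart step against the /var symlink bug.
# Assumed: in ProFTPD, User/Group in server context set the uid/gid the daemon
# runs as, while User/Group inside an <Anonymous> block name the anonymous
# account. The sample configs written below are constructed for this example.

# audit_proftpd_conf FILE
# Lists every server-context User/Group directive and returns 1 if the daemon
# is set to run as root, if a directive is missing, or if one appears twice
# (the state the buggy postinst leaves: the root entry stays in place and a
# second "nobody" entry is appended which, per the advisory, has no effect).
audit_proftpd_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "audit: cannot read $conf" >&2; return 2; }
    awk '
        function finding(msg) { print "FINDING: " msg; bad = 1 }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }            # comments, blanks
        tolower($0) ~ /^[[:space:]]*<anonymous/   { anon = 1; next }
        tolower($0) ~ /^[[:space:]]*<\/anonymous/ { anon = 0; next }
        anon { next }                               # anonymous account, not the daemon
        tolower($1) == "user" {
            n_user++; printf "line %d: %s %s\n", NR, $1, $2
            if ($2 == "root") finding("daemon configured to run as uid root (line " NR ")")
        }
        tolower($1) == "group" {
            n_group++; printf "line %d: %s %s\n", NR, $1, $2
            if ($2 == "root") finding("daemon configured to run as gid root (line " NR ")")
        }
        END {
            if (n_user > 1 || n_group > 1)
                finding("duplicate User/Group in server context; DSA-032-1: the appended nobody entry has no effect")
            if (n_user == 0 || n_group == 0)
                finding("no User/Group in server context; cannot confirm the daemon drops root")
            exit bad + 0
        }
    ' "$conf"
}

# check_not_symlink PATH
# Returns 0 if PATH is a real directory and 1 if it is a symlink. Run it on
# /var before stopping the unfixed package: the advisory says the stop action
# removes a /var symlink and the next start creates a plain file in its place.
check_not_symlink() {
    if [ -L "$1" ]; then
        echo "$1 is a symlink to $(readlink "$1"); upgrade proftpd before restarting it" >&2
        return 1
    fi
    [ -d "$1" ]
}

# write_sample_conf FILE bad|good
# Constructed configs: "bad" mimics what the advisory describes the postinst
# producing (root kept, nobody appended); "good" is the intended result.
write_sample_conf() {
    if [ "$2" = bad ]; then
        cat > "$1" <<'EOF'
ServerName "Debian"
ServerType standalone
User root
Group root
<Anonymous /home/ftp>
  User ftp
  Group ftp
</Anonymous>
# appended by the postinst when anonymous access was enabled
User nobody
Group nogroup
EOF
    else
        cat > "$1" <<'EOF'
ServerName "Debian"
ServerType standalone
User nobody
Group nogroup
<Anonymous /home/ftp>
  User ftp
  Group ftp
</Anonymous>
EOF
    fi
}

# Demo: audit both constructed configs, then check /var itself.
demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir/bad.conf" bad
write_sample_conf "$demo_dir/good.conf" good
for f in "$demo_dir/good.conf" "$demo_dir/bad.conf"; do
    echo "== $f"
    audit_proftpd_conf "$f"; rc=$?
    echo "== exit status $rc"
done
rm -rf "$demo_dir"
check_not_symlink /var && echo "/var is a real directory; safe to restart"
```

Run `audit_proftpd_conf /etc/proftpd.conf` on the real file; a non-zero exit means the daemon identity needs to be fixed by hand or by the corrected package. The audit only reads the configuration, so it is safe to run on the unfixed package; `check_not_symlink /var` is the one thing to do before `/etc/init.d/proftpd stop` on a host whose /var has been relocated.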
Debian GNU/Linux 2.2 alias potato
- - -------------------------------------

  Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
  architectures.

  Source archives:
    http://security.debian.org/dists/stable/updates/main/source/proftpd_1.2.0pre10-2.0potato1.diff.gz
      MD5 checksum: d75281d5332b005efd94ad0ff5ac3f63
    http://security.debian.org/dists/stable/updates/main/source/proftpd_1.2.0pre10-2.0potato1.dsc
      MD5 checksum: 8ff4de189c0b986ab4496ef7ae6467f4
    http://security.debian.org/dists/stable/updates/main/source/proftpd_1.2.0pre10.orig.tar.gz
      MD5 checksum: a1c25e59bb4281e2f83000796dc52388

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/main/binary-alpha/proftpd_1.2.0pre10-2.0potato1_alpha.deb
      MD5 checksum: 2e3d924a93692fc546f76fadf6e35cf7

  ARM architecture:
    http://security.debian.org/dists/stable/updates/main/binary-arm/proftpd_1.2.0pre10-2.0potato1_arm.deb
      MD5 checksum: 2e2e9a921f45c6c73f0c0a1ba2c7fb13

  Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/proftpd_1.2.0pre10-2.0potato1_i386.deb
      MD5 checksum: 9c0ff3c87e4802316081775fcf80c5d2

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-m68k/proftpd_1.2.0pre10-2.0potato1_m68k.deb
      MD5 checksum: 615709bf8777da7939217cf316c529b7

  PowerPC architecture:
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/proftpd_1.2.0pre10-2.0potato1_powerpc.deb
      MD5 checksum: 5a384113e857ba4a0b6bdcfce62ca880

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/main/binary-sparc/proftpd_1.2.0pre10-2.0potato1_sparc.deb
      MD5 checksum: c99f335bca49f98867b1a9c473c97edc

  These files will be moved into
  ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

  For not yet released architectures please refer to the appropriate
  directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
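The advisory's "wget url, then dpkg -i file.deb" procedure is only as safe as the checksum step between the two commands, which the advisory leaves to the reader. The script below is an added example, not part of DSA-032-1 or of Debian's tooling: it pulls the expected MD5 for a given package file out of the advisory's own "URL / MD5 checksum:" layout, compares it with the digest of the downloaded file, and only then calls dpkg. The excerpt embedded in the script is copied from the download list above (the .dsc and i386 entries); the file used in the demo is constructed and its well-known digest is the MD5 of the string "hello" followed by a newline.

```shell
#!/bin/sh
# Added example, not part of DSA-032-1 or of Debian's tooling: extract the
# expected MD5 for a package file from the advisory text, verify a downloaded
# .deb against it, and only then hand the file to dpkg -i.
# The advisory excerpt is copied from the bulletin; the demo file is constructed.

# Two entries from the advisory's download section, kept in its original
# two-line layout (URL on one line, "MD5 checksum: ..." on the next).
ADVISORY_EXCERPT='http://security.debian.org/dists/stable/updates/main/source/proftpd_1.2.0pre10-2.0potato1.dsc
  MD5 checksum: 8ff4de189c0b986ab4496ef7ae6467f4
http://security.debian.org/dists/stable/updates/main/binary-i386/proftpd_1.2.0pre10-2.0potato1_i386.deb
  MD5 checksum: 9c0ff3c87e4802316081775fcf80c5d2'

# expected_md5_for FILENAME
# Prints the checksum the advisory lists for FILENAME (matched on the last
# path component of the URL); returns 1 if the advisory does not list it.
expected_md5_for() {
    printf '%s\n' "$ADVISORY_EXCERPT" | awk -v want="$1" '
        # remember the last URL seen; the checksum line that follows refers to it
        /^[[:space:]]*(http|ftp):/ { n = split($1, p, "/"); last = p[n]; next }
        /MD5 checksum:/ && last == want { print $NF; found = 1; exit }
        END { exit found ? 0 : 1 }
    '
}

# md5_of FILE: hex digest via md5sum, with openssl as a fallback
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{ print $1 }'
    else
        openssl dgst -md5 "$1" | awk '{ print $NF }'
    fi
}

# verify_md5 FILE EXPECTED: 0 if the digest matches, 1 on mismatch, 2 if unreadable
verify_md5() {
    actual=$(md5_of "$1") || return 2
    if [ "$actual" = "$2" ]; then
        echo "$1: md5 ok"
        return 0
    fi
    echo "$1: MISMATCH expected $2 got $actual" >&2
    return 1
}

# install_verified FILE: refuse to install unless the advisory's checksum matches
install_verified() {
    expected=$(expected_md5_for "$(basename "$1")") \
        || { echo "$1: not listed in the advisory" >&2; return 1; }
    verify_md5 "$1" "$expected" || return 1
    dpkg -i "$1"
}

# Demo on a constructed file: a correct digest passes, a wrong one is rejected.
demo=$(mktemp)
printf 'hello\n' > "$demo"
verify_md5 "$demo" b1946ac92492d2347c6235b4d2611184
verify_md5 "$demo" 00000000000000000000000000000000 || echo "tampered file rejected"
rm -f "$demo"
echo "advisory lists i386 deb as: $(expected_md5_for proftpd_1.2.0pre10-2.0potato1_i386.deb)"
```

Usage: save the bulletin, set ADVISORY_EXCERPT to its contents (or adapt expected_md5_for to read the saved file), then run `install_verified proftpd_1.2.0pre10-2.0potato1_i386.deb` as root. The checksum is only as trustworthy as the text it came from, so verify the DSA's PGP signature against the Debian security key before relying on the listed values; MD5 is no longer collision resistant, which is another reason the signature, not the digest, is the root of trust here.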
- - --
- - ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOqWQLajZR/ntlUftAQHWRgL/UhpFFB7Jkdf61VMxkEnhaepLYEvzzP/8
KUbfZvk5GDwFEIR0O/Y6KyNDV5Gn/ttgZ5iPcY05za0vngFMsJ0BuFFmiKkViHle
wxcUMvoCiLJQhDWTs18K+k4V9tzL4UUY
=Jx23
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is the
responsibility of each user or organisation, and should be made in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBOqY+Rih9+71yA2DNAQGbhgP/fa/nAWJXrdVNUHyS1KVPmAFOXx3hRCfd
7cgLI5GKNgR1nifjCIvsanrsNslpCnuCGYSD64X8wXZVJM3gp6lrZfu10ZU9LdU6
JZOgC2a+NgxzszMe4OcqNk6r7kLmHxhvPHkLsWw0LfyKLsAejPrv8uHCl4XTTSCz
DSqiKq/EqYw=
=NmwD
-----END PGP SIGNATURE-----