Bug#: 158122
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matt Drew <aetius@gentoo.org>


Description:   Opened: 2006-12-14 04:33 0000
http://secunia.com/advisories/23371/

local privilege escalation to root.

mod_ctrls is disabled by default in upstream (according to the advisory), and
is only exploitable by local users who have access to the controls via an ACL
in the conf file.

Version 1.3.1rc1 is the fixed version, should be available in their CVS.

------- Comment #1 From Matt Drew 2006-12-14 04:57:11 0000 -------
fixing summary.

------- Comment #2 From Matthias Geerdsen 2006-12-14 08:06:43 0000 -------
/* (no) comment */

------- Comment #3 From Luca Longinotti 2006-12-20 15:15:16 0000 -------
net-ftp/proftpd-1.3.1_rc1 is in the tree, fixing all the known vulns and bugs
we had to patch before, and it seems to work very well, so do your magic,
security team and archs! ;)
Best regards, CHTEKK.

PS: we pass --enable-ctrls by default, so I'm pretty sure we have mod_ctrls or
at least the sending of controls enabled by default (bug was in src/ctrls.c).

------- Comment #4 From Raphael Marichez 2006-12-21 01:49:38 0000 -------
Hi arches team, please test and mark stable if appropriate:
net-ftp/proftpd-1.3.1_rc1

------- Comment #5 From Tobias Scherbaum 2006-12-21 03:18:53 0000 -------
ppc stable

------- Comment #6 From Markus Rothe 2006-12-21 06:49:50 0000 -------
ppc64 stable

------- Comment #7 From Gustavo Zacarias (RETIRED) 2006-12-21 06:56:50 0000 -------
sparc stable.

------- Comment #8 From Andrej Kacian (RETIRED) 2006-12-21 10:49:14 0000 -------
*poof*

------- Comment #9 From Bryan Østergaard (RETIRED) 2006-12-23 02:55:40 0000 -------
Alpha stable.

------- Comment #10 From René Nussbaumer 2006-12-24 14:31:54 0000 -------
Stable on hppa. Sorry for delay.

------- Comment #11 From Matt Drew 2007-01-12 18:27:36 0000 -------
pinging amd64.

------- Comment #12 From Steve Dibb 2007-01-23 10:18:40 0000 -------
amd64 stable

------- Comment #13 From Raphael Marichez 2007-02-10 19:05:28 0000 -------
Late ! :(((

GLSA request filed.

------- Comment #14 From Raphael Marichez 2007-02-13 23:55:37 0000 -------
GLSA 200702-02, thanks to everybody.
