Re: ProFTPD still vulnerable (Sarge)

2007-01-07 Thread Jim Popovitch
On Thu, 2006-12-07 at 10:26 +0100, Francesco P. Lovergine wrote: > On Wed, Dec 06, 2006 at 09:21:34PM -0500, Jim Popovitch wrote: > > On Thu, 2006-11-30 at 12:28 -0500, Jim Popovitch wrote: > > > On Thu, 2006-11-30 at 15:10 +0100, Francesco P. Lovergine wrote: > > > > This is unfortunately an effec

Re: ProFTPD still vulnerable (Sarge)

2006-12-07 Thread Francesco P. Lovergine
On Wed, Dec 06, 2006 at 09:21:34PM -0500, Jim Popovitch wrote: > On Thu, 2006-11-30 at 12:28 -0500, Jim Popovitch wrote: > > On Thu, 2006-11-30 at 15:10 +0100, Francesco P. Lovergine wrote: > > > This is unfortunately an effect of an issue with the old mod_delay patch. > > > It's not an exploiting

Re: ProFTPD still vulnerable (Sarge)

2006-12-06 Thread Jim Popovitch
On Thu, 2006-11-30 at 12:28 -0500, Jim Popovitch wrote: > On Thu, 2006-11-30 at 15:10 +0100, Francesco P. Lovergine wrote: > > This is unfortunately an effect of an issue with the old mod_delay patch. > > It's not an exploit of the known issue. You have to either disable > > mod_delay or use >

Re: ProFTPD still vulnerable (Sarge)

2006-11-30 Thread Neil McGovern
On Thu, Nov 30, 2006 at 09:05:54PM +0000, Neil McGovern wrote: > On Thu, Nov 30, 2006 at 12:57:53PM +0100, Stefan Fritsch wrote: > > NOTE: Users of etch/sid should upgrade to 1.3.0-16 *NOW*. > > > > For users of etch, the fixed packages should be going in in two days. If > it doesn't, I'll issue

Re: ProFTPD still vulnerable (Sarge)

2006-11-30 Thread Neil McGovern
On Thu, Nov 30, 2006 at 12:57:53PM +0100, Stefan Fritsch wrote: > NOTE: Users of etch/sid should upgrade to 1.3.0-16 *NOW*. > For users of etch, the fixed packages should be going in in two days. If it doesn't, I'll issue a DTSA. Neil

Re: ProFTPD still vulnerable (Sarge)

2006-11-30 Thread Jim Popovitch
On Thu, 2006-11-30 at 15:10 +0100, Francesco P. Lovergine wrote: > This is unfortunately an effect of an issue with the old mod_delay patch. > It's not an exploit of the known issue. You have to either disable > mod_delay or use > 1.2.10-20sarge1 which is available at > http://people.debian.o

Re: ProFTPD still vulnerable (Sarge)

2006-11-30 Thread Moritz Muehlenhoff
Stefan Fritsch wrote: > yes, there are two open vulnerabilities in proftpd. A DSA should be in the > works, but I don't know the current status. It's been released a few minutes ago. Cheers, Moritz

Re: ProFTPD still vulnerable (Sarge)

2006-11-30 Thread Francesco P. Lovergine
On Thu, Nov 30, 2006 at 07:28:53AM +0100, Lupe Christoph wrote: > Hi! > > On 23. November I updated the proftpd package on a Sarge machine that > regrettably has to have FTP open to the world. Soon after, somebody ran > many attempts to log in as 'Administrator'. These attempts ran again on > the 2

Re: ProFTPD still vulnerable (Sarge)

2006-11-30 Thread Lupe Christoph
On Thursday, 2006-11-30 at 13:49:44 +0100, Stefan Fritsch wrote: > Oh, that's bad. You don't have ftps enabled explicitly either? No, just plain ftp. > This probably means that there is at least some exploit to DoS sarge's 1.2.x. As I said, the FTP access from "outside" is disabled now. So I c

Re: ProFTPD still vulnerable (Sarge)

2006-11-30 Thread Stefan Fritsch
Hi, >> One is CVE-2006-5815 and the other is a mod_tls vulnerability without >> CVE >> id yet. AFAIK there is no exploit for sarge's 1.2.x for CVE-2006-5815 >> yet. >> So I would expect this to be the mod_tls vulnerability. Do you have >> mod_tls enabled? Try connecting to your server with telnet

Re: ProFTPD still vulnerable (Sarge)

2006-11-30 Thread Lupe Christoph
OT: There seems to be something strange with your MUA. Look at this header: Cc: "Lupe Christoph"@murphy.debian.org, " <[EMAIL PROTECTED]>"@murphy.debian.org On Thursday, 2006-11-30 at 12:57:53 +0100, Stefan Fritsch wrote: > > The attacks ceased before I noticed, so I was not able to capt

Re: ProFTPD still vulnerable (Sarge)

2006-11-30 Thread Stefan Fritsch
Hi, > The attacks ceased before I noticed, so I was not able to capture a TCP > stream. I would just like to alert people that there is still some > vulnerability in the ProFTPD code that was not fixed by DSA-1218-1. yes, there are two open vulnerabilities in proftpd. A DSA should be in the works,

Re: ProFTPD still vulnerable (Sarge)

2006-11-30 Thread Sam Morris
On Thu, 30 Nov 2006 07:28:53 +0100, Lupe Christoph wrote: > The attacks ceased before I noticed, so I was not able to capture a TCP > stream. I would just like to alert people that there is still some > vulnerability in the ProFTPD code that was not fixed by DSA-1218-1. Indeed, see

ProFTPD still vulnerable (Sarge)

2006-11-29 Thread Lupe Christoph
Hi! On 23. November I updated the proftpd package on a Sarge machine that regrettably has to have FTP open to the world. Soon after, somebody ran many attempts to log in as 'Administrator'. These attempts ran again on the 28th and again on the 29th. On that day, they managed to make proftp fall ov