Mandrake Linux Security Advisory : proftpd (MDKSA-2002:005)
High Nessus Plugin ID 13913
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionMatthew S. Hallacy discovered that ProFTPD was not forward resolving reverse-resolved hostnames. A remote attacker could exploit this to bypass ProFTPD access controls or have false information logged. Frank Denis discovered that a remote attacker could send malicious commands to the ProFTPD server and it would force the process to consume all CPU and memory resources available to it. This DoS vulnerability could bring the server down with repeated attacks. Finally, Mattias found a segmentation fault problem that is considered by the developers to be unexploitable.
SolutionUpdate the affected proftpd package.