Pure-ftpd bologna vuln

[lbccserv]

Don't bother switching. I won't say much, but unless you run mod-sql, don't worry.

[chirpy]

You're going to have to explain yourself some more if you want your post to be intelligible and for anyone to give credence to whatever you are posting about

[lbccserv]

Well, I can't say too too much about it. Let's just say that I am a senior member of http://neworder.box.sk. My clients include such people as the guy who generated the entire LMhash database, which cracks any LM encrypted password in a split second, one who found the most recent 'remote command execution' hole in phpbb, as well as those whos only job is to write windows exploits :-) I can't talk about the specifics as I was asked not to, but as long as you don't run proftpd with anything related to sql stored usernames, don't worry :-)

[pamos]

I can't talk about the specifics as I was asked not to,

Dont bother to post here to if u cant talk about it
U help us, then we will help other, thats y we must help each others

Regards

[chirpy]

Now I'm confused. In your thread title you're talking about pure-ftpd and in your post you're talking about proftpd. Which one is it that apparently has this vulnerability? Also, which specific versions? Do you have a CERT or other advisory link?

[lbccserv]

Sorry, I was talking about the bogus 'proftpd' vuln. No, there is no CERT/packetstorm link, but I'd be glad to have a conversation with someone in PM regarding it.

[chirpy]

So how do you know that the issue that cPanel has found relates to MySQL use? I would suggest that you have this discussion with cPanel through security@cpanel.net