Can you give us a little more info? At least tell us if its a buffer overflow or not.cPanelBilly said:
- Status
I dont understand this, how could it only affect 1 machine, the same proftpd software would be on everyones software, have you tested it on more than one machine? Do you mean it only affects 1 distro of linux (or freeBSD) is so which distro?cpanelnick said:
Also, can it be performed remotely or do you need a user account? Nick, when you got root did you do it remotely or with an underprivledged user account? Please let us know this basic information without giving specfic details on how you got root so that we may know how serious of a bug this is. I have a lot of dedicated server customers and will take some time to get them all to change as I dont have root to all of their servers.BianchiDude said:
cPanel have already told you that they are not going to release any information about the vulnerability and will provide details to proftpd when they have specific details. For now, you have the workaround fix for switching to pure-ftpd.BianchiDude said:
- Status
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| G | Open-source ProFTPD hacked, backdoor planted in source code | Security | 3 | |
|
Hint: Enable SSL in ProFTPD | Security | 3 | |
| S | Security proftpd | Security | 2 | |
|
Security Advisory: ProFTPD | Security | 14 | |
| H | Security Breach In Proftpd | Security | 0 |