The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Pure-ftpd bologna vuln

Discussion in 'General Discussion' started by lbccserv, Aug 8, 2005.

  1. lbccserv

    lbccserv Active Member

    Joined:
    Mar 23, 2004
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Don't bother switching. I won't say much, but unless you run mod-sql, don't worry.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You're going to have to explain yourself some more if you want your post to be intelligible and for anyone to give credence to whatever you are posting about :)
     
  3. lbccserv

    lbccserv Active Member

    Joined:
    Mar 23, 2004
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Well, I can't say too too much about it. Let's just say that I am a senior member of http://neworder.box.sk. My clients include such people as the guy who generated the entire LMhash database, which cracks any LM encrypted password in a split second, one who found the most recent 'remote command execution' hole in phpbb, as well as those whos only job is to write windows exploits :) I can't talk about the specifics as I was asked not to, but as long as you don't run proftpd with anything related to sql stored usernames, don't worry :)
     
  4. pamos

    pamos Member

    Joined:
    Aug 11, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Dont bother to post here to if u cant talk about it ;)
    U help us, then we will help other, thats y we must help each others

    Regards
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Now I'm confused. In your thread title you're talking about pure-ftpd and in your post you're talking about proftpd. Which one is it that apparently has this vulnerability? Also, which specific versions? Do you have a CERT or other advisory link?
     
  6. lbccserv

    lbccserv Active Member

    Joined:
    Mar 23, 2004
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Sorry, I was talking about the bogus 'proftpd' vuln. No, there is no CERT/packetstorm link, but I'd be glad to have a conversation with someone in PM regarding it.
     
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    So how do you know that the issue that cPanel has found relates to MySQL use? I would suggest that you have this discussion with cPanel through security@cpanel.net
     
Loading...

Share This Page