Hi,
so ProFTPd currently has 2 open security issues in Ubuntu 10.4 LTS (ProFTPd 1.3.2c-1ubuntu0.1). The
Telnet IAC processing stack overflow from 2010-10-29, fixed in 1.3.3c, and the newer
mod_sql pre-authentication remote root issue from Mid-November, still unpatched by the ProFTPd authors.
I'm running that FTP server on my system and I'm concerned about my system security. At least the first patch should have been ported a month ago, but the
USN list doesn't mention ProFTPd for a long time.
Should I consider switching to another FTP server, Pure-FTP has been mentioned elsewhere? Or does Ubuntu have a somehow modified version that didn't have those issues in the first place, but nobody mentioning it?
Bookmarks