ProFTPD: Multiple vulnerabilities
Gentoo Linux Security Advisory
GLSA 201309-15 / ProFTPD
September 24, 2013
September 24, 2013: 1
All supported architectures
#305343, #343389, #348998, #354080, #361963, #390075, #450746, #484614
Multiple vulnerabilities have been found in ProFTPD, the worst of
which leads to remote execution of arbitrary code.
ProFTPD is an advanced and very configurable FTP server.
Multiple vulnerabilities have been discovered in ProFTPD. Please review
the CVE identifiers referenced below for details.
A context-dependent attacker could possibly execute arbitrary code with
the privileges of the process, perform man-in-the-middle attacks to spoof
arbitrary SSL servers, cause a Denial of Service condition, or read and
modify arbitrary files.
There is no known workaround at this time.
All ProFTPD users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.4d"
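
To confirm that the upgrade took effect, the following added example (not part of the advisory or of Gentoo's tooling) compares a ProFTPD version string against the fixed release 1.3.4d named above. It assumes the N.N.N[letter] version form with an optional Gentoo -rN revision; the function names and sample versions are constructed for illustration.

```sh
#!/bin/sh
# Added example: is a ProFTPD version at or above the advisory's fixed release?
FIXED_VERSION="1.3.4d"   # threshold from the Resolution section

# Print "major minor patch letter_rank" for N.N.N[a-z] (an optional Gentoo -rN
# revision is ignored); fail for any other form, e.g. release candidates.
parse_version() {
    v=${1%-r[0-9]*}
    printf '%s\n' "$v" | LC_ALL=C grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+[a-z]?$' || return 1
    nums=${v%[a-z]}
    letter=${v#"$nums"}
    rank=0                                   # no letter sorts before "a"
    if [ -n "$letter" ]; then rank=$(printf '%d' "'$letter"); fi
    old_ifs=$IFS; IFS=.
    set -- $nums
    IFS=$old_ifs
    echo "$1 $2 $3 $rank"
}

# Return 0 if VERSION >= FIXED_VERSION, 1 if older, 2 if the form is unknown.
proftpd_is_fixed() {
    have=$(parse_version "$1") || return 2
    want=$(parse_version "$FIXED_VERSION") || return 2
    set -- $have $want                       # $1-$4 installed, $5-$8 fixed
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        h=${pair%:*}; w=${pair#*:}
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
    done
    return 0
}

# Constructed sample versions, not taken from any real host.
for sample in 1.3.3g 1.3.4c-r1 1.3.4d 1.3.5 1.3.4_rc2; do
    rc=0; proftpd_is_fixed "$sample" || rc=$?
    case $rc in
        0) echo "$sample: fixed" ;;
        1) echo "$sample: VULNERABLE, upgrade to >=$FIXED_VERSION" ;;
        *) echo "$sample: unrecognised version form, check manually" ;;
    esac
done
```

Versions the parser does not recognise are reported as unknown rather than guessed, so release candidates and other suffixed builds are left for manual review.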