store | blogs | forums | twitter | facebook | wiki | mailing lists | downloads | support portal
Atomic Secure Linux
It is currently Sat May 18, 2013 5:47 am

View unanswered posts | View active topics


Board index » Customer Support Forums » Security Alerts

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]



Post new topic Reply to topic Share/Bookmark  Page 1 of 1
  [ 3 posts ] 
  Print view Previous topic | First unread post | Next topic 
Author Message
BruceLee
 Post subject: ProFTPd:Response pool use-after-free memory corruption error
Unread postPosted: Sun Nov 13, 2011 2:48 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Mar 28, 2009 6:58 pm
Posts: 802
Location: Germany
Response pool use-after-free memory corruption error
SOURCE:

http://bugs.proftpd.org/show_bug.cgi?id=3711
Top
 Profile  
 
breun
 Post subject: Re: ProFTPd:Response pool use-after-free memory corruption e
Unread postPosted: Sun Nov 13, 2011 7:26 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
Seems like an update to either 1.3.3g or 1.3.4 will fix this issue. The current psa-proftpd version in Atomic is 1.3.3e.

_________________
Lemonbit Internet Dedicated Server Management

Top
 Profile  
 
mikeshinn
 Post subject: Re: ProFTPd:Response pool use-after-free memory corruption e
Unread postPosted: Sun Nov 13, 2011 7:57 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3242
Location: Chantilly, VA
The ASL kernel makes you immune to this class of vulnerability already. If you are not using the ASL kernel, then you are not immune to this entire class of vulnerability (regardless of what application may have this kind of vulnerability - which could be anything not just proftp).

For those users that are not using the ASL kernel we highly recommend you run the ASL kernel so you too can be immune to whole classes of vulnerabilities like this one.

And for those that choose to run an insecure kernel, we will be releasing an update for proftp. You will still, of course, be vulnerable to any future (or current) vulnerabilities like this one in any other application.

So, just to recap, if you are using the ASL kernel you do not need to worry about this, you are immune.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.

Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic Share/Bookmark  Page 1 of 1
  [ 3 posts ] 

Board index » Customer Support Forums » Security Alerts

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]

Who is online

Users browsing this forum: No registered users and 0 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group