ProFTPD: Multiple vulnerabilities

Multiple vulnerabilities have been found in ProFTPD, the worst of which leads to remote execution of arbitrary code.

Product: ProFTPD
Announced: 2013-09-24
Revised: 2013-09-24
Bugs: 305343, 343389, 348998, 354080, 361963, 390075, 450746, 484614
Access: local, remote
Unaffected versions: >= 1.3.4d
Vulnerable versions: < 1.3.4d

ProFTPD is an advanced and very configurable FTP server.

Multiple vulnerabilities have been discovered in ProFTPD. Please review the CVE identifiers referenced below for details.

A context-dependent attacker could possibly execute arbitrary code with the privileges of the process, perform man-in-the-middle attacks to spoof arbitrary SSL servers, cause a Denial of Service condition, or read and modify arbitrary files.

There is no known workaround at this time.

All ProFTPD users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.4d"

References:
CVE-2009-3555
CVE-2010-3867
CVE-2010-4221
CVE-2010-4652
CVE-2011-1137
CVE-2011-4130
CVE-2012-6095
CVE-2013-4359

Metadata: underling, craig