Article 15017 at 09/02/12 12:59:33 From: bluequartz (at mark) ohiowebhosting.net Subject: [coba-e:15017] Re: ProFTP exploit???

Index: [Article Count Order] [Thread]

Date:  Wed, 11 Feb 2009 22:59:27 -0500
From:  "Lucas Peyatt - Ohio Web Hosting & Development" <bluequartz (at mark) ohiowebhosting.net>
Subject:  [coba-e:15017] Re: ProFTP exploit???
To:  coba-e (at mark) bluequartz.org
Message-Id:  <20090212035416.M18782 (at mark) ohiowebhosting.net>
In-Reply-To:  <645055.3159.qm (at mark) web65609.mail.ac4.yahoo.com>
References:  <645055.3159.qm (at mark) web65609.mail.ac4.yahoo.com>
X-Mail-Count: 15017

I doubt it,

"When a backend database (mysql and reportedly postgres) is used for 
authentication with ProFTPd 1.3.1 and later"

ProFTPd on BQ does not authenticate with either mysql or postgres.

On Wed, 11 Feb 2009 19:51:27 -0800 (PST), JS wrote
> Anybody know if our proftp in CentosBQ is vulnerable
> to this exploit?? Just ran across the warning on ISC
> website. Guess I will go scan my log files....
> 
> http://isc.sans.org/diary.html?storyid=5845
> 
> Joe (still miffed)

--
Lucas Peyatt
Ohio Web Hosting & Development
lucas (at mark) ohiowebhosting.net
www.ohiowebhosting.net
937.969.4476 dayton
614.441.8169 columbus
513.258.2376 cincinnati
206.350.1292 facsimile