Open Source and information security mailing list archives
 
Date: Thu, 26 Feb 2004 20:12:28 +0100
From: "Peter Buijsman" <peter@...te.net>
To: <bugtraq@...urityfocus.com>
Subject: RE: Serv-U "MDTM" buffer overflow PoC DoS exploit



> Here it is, test your systems, temporarily disable Serv-U, 
> and wait for the vendor to release a patch.

Serv-U released a security patch yesterday. An e-mail has been sent out
to registered users. It fixes the MDTM problem and some other small bugs.


"Serv-U 5.0.0.4 has been released.  This is a point-release of 5.0 that
fixes a number of bugs.  We highly recommend upgrading to 5.0.0.4, in
particular for the following reasons:

* A bug in SQL statements used by ODBC domains has been fixed.
* Added automatic connection retry in case ODBC connectivity failure.
* A bug causing Secure-FTP transfers to fail has been fixed.
* A bug in the MDTM command that could cause server crashes has been
  fixed.

You can download 5.0.0.4 from the following location:

http://www.Serv-U.com/dn.asp

Running the setup program should upgrade your existing installation of
Serv-U.  We don't expect any problems, but to be on the safe side
please make a backup of your Serv-U directory prior to installing the
new release."

Thanks,
Peter


