March 23, 2001

Security update to in.ftpd and timed

Author: JT Smith

: Two parts of the nkitb/nkitserv package are vulnerable to security related
A one-byte bufferoverflow was discovered in the OpenBSD port of the
FTP daemon in.ftpd(8) several weeks ago.
This bug could just be triggered by authenticated users, which have write
access. This bug is believed to not be exploitable under Linux. However,
we prefer to provide a fixed update package to make sure that the daemon
is on the safe side.
in.ftpd(8) will be invoked by inetd(8) and is activated by default.


  • Linux
Click Here!