Hello,

both cases does mention "unspecified error". That imho means, someone has to
buy that 'VulnDisco' SW to find out what that is to know how to fix it.

It's like "If you buy my software, you will be able to find out that
ProFTPD-1.3.0 is vulnerable".

>From: Ken Williams
>Date: Fri, 10 Nov 2006 11:43:04 -0800 (PST)
>Subject: [Proftpd-user] security issue fixed?
>To: proftp-user@lists.sourceforge.net
>
>has this been fixed yet 1.3.1 RC1? I can't find anything anywhere on it.
>
>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5815
>http://secunia.com/advisories/22803/


> From: Zube
> Date: Sat, 11 Nov 2006 07:06:01 -0700
> Subject: [Proftpd-user] any additional info on proftpd 1.3.0 remote exploit?
> To: proftp-user@lists.sourceforge.net
>
> http://securitytracker.com/alerts/2006/Nov/1017167.html
>
> mentions a remote issue with proftpd.
>
> So does the NVD:
>
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5815
>
> which provides this link:
>
> http://gleg.net/vulndisco_meta.shtml
>
> which mentions the exploit in a for-pay package.


--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=...057&dat=121642
_______________________________________________
ProFTPD Users List
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html