On Wed Nov 22 01:58:10 PM, Thomas L. Shinnick wrote:

[much snipped]

> I guess it really comes down to the simple question:
>
> Does this entire threat depend on the use of the CommandBufferSize
> directive, which would have to be manually added to any sample
> starting configuration?
>
> If so, then we have a new definition of "reliable researcher":
> "not usually so _obviously_ profit-driven"


It appears the answer is no. This posting:

http://archives.neohapsis.com/archiv...6-q4/0224.html

suggests that the 0-day has nothing to do with the CommandBufferSize
directive.

Sad to say but I'm moving over to vsftpd, at least for the time being.

http://vsftpd.beasts.org/

Cheers,
Zube

_______________________________________________
ProFTPD Users List
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html