ProFTPD version 1.3.3c

[EnriqueR]

I installed ProFTPD version 1.3.3c when i recived the email named 'Important Plesk Notification: ProFTPD Remote Code Execution Vulnerability and Exploit'.

When i access to an FTP account i see that the FTP no response. By connection SSH the FTP is Ok, but in another computer the FTP response 'no connection'. All the configuration is like before the update.

I need a response because before the update the FTP connection was ok.

Thanks.

 

[trialot]

Enrique,

What did you install? The atomic upgrade (yum upgrade psa-proftpd)?

Or did you use a source download and a compilation of source?

Let me know.....

 

[AntonA]

we got this email today as well - what does it mean, which server was checked and do you offer fix/patch/upgrade?

Thanks.

 

[EnriqueR]

I used 'yum upgrade psa-proftpd'. I've found the thread in the forum but i didn't found the solution. My system is CentOS 5. I have returned to previously version of proftpd but not solution was found.

I'm lost.

 

[horst rupp]

I used 'yum upgrade psa-proftpd'. I've found the thread in the forum but i didn't found the solution. My system is CentOS 5. I have returned to previously version of proftpd but not solution was found.

I'm lost.

if /usr/sbin/proftpd is from Nov 11 the fix is apllied, the version number of proftpd stays the same, e.g. 1.3.2

 

[EnriqueR]

Date is 2010-11-11
Version is ProFTPD Version 1.3.2e
By localhost connection FTP is Ok, but in another machine connection FTP refuse 'Connect failure'.

I don't have modified any firewall and before the update the FTP connection was Ok.

I explain you. I installed the atomicorp patch sended by email. Next i saw the FTP was down. Then I returned to the previously version and the FTP was down too. This is my actual situation.

 

[IgorG]

http://kb.odin.com/en/9294

 

[AntonA]

We are running PSA 8 and did this upgrade, now users can't login. Log files say "Incorrect password" even though we reset password several times. What would you suggest to do? Is it safe to downgrade and how?

Anton.

 

[rootfive]

I am not sure updated to 1.3.3c since it is still showing 1.3.2e. But file size is different though.
old version : -rwxr-xr-x 1 root root 714913 May 4 2010 /usr/sbin/proftpd
new version : -rwxr-xr-x 1 root root 715073 Oct 21 18:21 /usr/sbin/proftpd

 

[EnriqueR]

Sorry, it is solved. I'm from Spain and i have got an VPS with Arsys. This suministrator bloqued the 21 port by security. When it opened the port again, the FTP was Ok.

Thanks for your attencion.

 

[horst rupp]

We are running PSA 8 and did this upgrade, now users can't login. Log files say "Incorrect password" even though we reset password several times. What would you suggest to do? Is it safe to downgrade and how?

Anton.

PSA 8 doesn't need the upgrade, just restores /usr/sbin/proftpd from backup.

 

[horst rupp]

I am not sure updated to 1.3.3c since it is still showing 1.3.2e. But file size is different though.
old version : -rwxr-xr-x 1 root root 714913 May 4 2010 /usr/sbin/proftpd
new version : -rwxr-xr-x 1 root root 715073 Oct 21 18:21 /usr/sbin/proftpd

the update doesn't change the version, it just fixes the bug and sticks with 1.3.2.

anyway, it looks like it didn't work for You because the update is from Nov 10 and any earlier date looks wrong.

 

[rootfive]

the update doesn't change the version, it just fixes the bug and sticks with 1.3.2.

anyway, it looks like it didn't work for You because the update is from Nov 10 and any earlier date looks wrong.

I did update again but only date changed and file size is the same.
-rwxr-xr-x 1 root root 715073 Nov 12 11:08 /usr/sbin/proftpd

I am not sure that date thing is correct or not. It looks to me like that date took the time of update which I run.

 

[AntonA]

PSA 8 doesn't need the upgrade, just restores /usr/sbin/proftpd from backup.

can you or anyone else send me it? anton@aleksandrov.eu