Multiple vulnerabilities have been found in ProFTPD, the worst of which leading to remote execution of arbitrary code.
|Package||net-ftp/proftpd on all architectures|
|Affected versions||< 1.3.4d|
|Unaffected versions||>= 1.3.4d|
ProFTPD is an advanced and very configurable FTP server.
Multiple vulnerabilities have been discovered in ProFTPD. Please review the CVE identifiers referenced below for details.
A context-dependent attacker could possibly execute arbitrary code with the privileges of the process, perform man-in-the-middle attacks to spoof arbitrary SSL servers, cause a Denial of Service condition, or read and modify arbitrary files.
There is no known workaround at this time.
All ProFTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.4d"