hm might be, that there's a vulnerability in mod_site_misc.
But WE are NOT using it. Sry - thats why i didn't mentioned that one.
You can easy double check :
1) open files :
Quote:
www:~# lsof |grep proftpd|grep mod
proftpd 32119 nobody mem REG 8,1 1231955 /usr/lib/gconv/gconv-modules.cache (path inode=1230641)
proftpd 32119 nobody mem REG 8,1 28200 1245858 /usr/lib/proftpd/mod_ctrls_admin.so
proftpd 32119 nobody mem REG 8,1 84544 1245815 /usr/lib/proftpd/mod_tls.so
proftpd 32119 nobody mem REG 8,1 73088 1245931 /usr/lib/proftpd/mod_sql.so
proftpd 32119 nobody mem REG 8,1 49376 1245803 /usr/lib/proftpd/mod_ldap.so
proftpd 32119 nobody mem REG 8,1 22000 1245538 /usr/lib/proftpd/mod_sql_mysql.so
proftpd 32119 nobody mem REG 8,1 21872 607487 /usr/lib/proftpd/mod_sql_postgres.so
proftpd 32119 nobody mem REG 8,1 49744 1245912 /usr/lib/proftpd/mod_quotatab.so
proftpd 32119 nobody mem REG 8,1 8192 1245833 /usr/lib/proftpd/mod_quotatab_file.so
proftpd 32119 nobody mem REG 8,1 7072 1245800 /usr/lib/proftpd/mod_quotatab_ldap.so
proftpd 32119 nobody mem REG 8,1 15072 1245918 /usr/lib/proftpd/mod_quotatab_sql.so
proftpd 32119 nobody mem REG 8,1 46240 1245861 /usr/lib/proftpd/mod_radius.so
proftpd 32119 nobody mem REG 8,1 17408 1245930 /usr/lib/proftpd/mod_wrap.so
proftpd 32119 nobody mem REG 8,1 36160 1245857 /usr/lib/proftpd/mod_rewrite.so
proftpd 32119 nobody mem REG 8,1 12768 1245859 /usr/lib/proftpd/mod_ifsession.so
www:~#
2. the module must be mentioned in your config to be loaded.
just do a
Quote:www:/etc/proftpd# grep mod_site_misc.so modules.conf
www:/etc/proftpd#
no output is good output
- if its loaded just put a # in front of the LoadModule directive & restart proftpd || kill all running proftpd processes if you're using (x)inetd.