I understand there is nasty security bug in ProFTPD versions prior to the new 1.2.9 version where someone can upload a specific text file and download it again using FTP to gain root access to the server. Is there a patched ProFTPD coming soon to plug this bug that works with DirectAdmin?

The security bug with ProFTPD is described here:
http://xforce.iss.net/xforce/alerts/id/154

I found my own answer to this question about a ProFTPD security patch in another thread:
http://www.directadmin.com/forum/showthread.php?s=&threadid=739&highlight=proftpd

Thanks! This is a patched 1.2.8 ProFTPD version. Are there plans for DirectAdmin to include a 1.2.9 version, or is that not necessary?

I'm sure the version distobuted with DirectAdmin will be updated when they get around to it.

DirectAdmin have this been updated yet? Can we just use the standard proftpd and compile it ourselves?

Hello,

You are free to recomile it yourself. I'll try and get the rpm's/tgz out for 1.2.9 soon. I'll post to the updates section when I do.

John