segfault (SECURITY) CVE-2017-18045

Version 1.52

Bugfix
Finished

Important security fix: a segfault triggered by a specific request could allow a remote attacker unauthorized access.

For anyone who cannot update to this version of DirectAdmin (e.g. an end-of-life OS), please add:

email_ftp_password_change=0

to your directadmin.conf and restart DirectAdmin.

We won't be immediately commenting on the details of the bug, to allow everyone time to update.

Update: As some clients have disabled their auto-update or have still not updated, to help get the message out more quickly, we've requested a CVE ID number: CVE-2017-18045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18045
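The workaround above, as an added example (not DirectAdmin's own code): a shell function that sets email_ftp_password_change=0 in a directadmin.conf-style key=value file idempotently, removing duplicate assignments and keeping a .bak copy. The file path is passed by the caller because the page does not give it, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not DirectAdmin code. Function names are hypothetical.
# Usage: sh apply_workaround.sh /path/to/directadmin.conf
KEY="email_ftp_password_change"
WANT="0"
MATCH="^[[:space:]]*${KEY}[[:space:]]*="

# Print the value of the last KEY assignment in file $1 (nothing if absent).
# Which duplicate DirectAdmin honours is not stated on the page, so
# apply_workaround below leaves exactly one assignment.
current_value() {
    sed -n "s/${MATCH}[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Ensure file $1 holds exactly one "KEY=0" line.
# Prints "changed" or "unchanged"; returns 2 on error.
apply_workaround() {
    conf="$1"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    count=$(grep -c "$MATCH" "$conf" || true)
    if [ "$count" = "1" ] && [ "$(current_value "$conf")" = "$WANT" ]; then
        echo "unchanged"
        return 0
    fi
    cp -p "$conf" "${conf}.bak" || return 2      # keep a rollback copy
    tmp="${conf}.tmp.$$"
    # Drop every existing assignment (grep exits 1 if nothing is left).
    grep -v "$MATCH" "$conf" > "$tmp" || [ $? -eq 1 ] || return 2
    printf '%s=%s\n' "$KEY" "$WANT" >> "$tmp"
    # Write through the original file so its owner and mode are kept.
    cat "$tmp" > "$conf" || return 2
    rm -f "$tmp"
    echo "changed"
}

if [ "$#" -gt 0 ]; then
    apply_workaround "$1" && echo "restart DirectAdmin for a change to take effect" >&2
fi
```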
