Full Disclosure mailing list archives

[ MDVSA-2011:047 ] proftpd
From: security () mandriva com
Date: Fri, 18 Mar 2011 12:29:01 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:047
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : proftpd
 Date    : March 18, 2011
 Affected: 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in proftpd:
 
 Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d
 and earlier allows remote attackers to cause a denial of service
 (memory consumption leading to OOM kill) via a malformed SSH message
 (CVE-2011-1137).
 
 Additionally for Mandriva Linux 2010.0 proftpd was upgraded to the
 same version as in Mandriva Linux 2010.2.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1137
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:

 Mandriva Linux 2010.0/X86_64:

 Mandriva Linux 2010.1:

 Mandriva Linux 2010.1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNgxVlmqjQ0CJFipgRAgIIAJ4pzgeAkWAt3VgfYn+AkVG8f8mpggCgn0v/
cIM2Ft0q8nN4NJEKWhthOXE=
=5KUw
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

