[Full-disclosure] [ MDVSA-2011:047 ] proftpd
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2011:047 ] proftpd
- From: security@xxxxxxxxxxxx
- Date: Fri, 18 Mar 2011 12:29:01 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:047
http://www.mandriva.com/security/
_______________________________________________________________________
Package : proftpd
Date : March 18, 2011
Affected: 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in proftpd:
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d
and earlier allows remote attackers to cause a denial of service
(memory consumption leading to OOM kill) via a malformed SSH message
(CVE-2011-1137).
Additionally for Mandriva Linux 2010.0 proftpd was upgraded to the
same version as in Mandriva Linux 2010.2.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1137
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type  Bits/KeyID      Date        User ID
pub   1024D/22458A98  2000-07-10  Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNgxVlmqjQ0CJFipgRAgIIAJ4pzgeAkWAt3VgfYn+AkVG8f8mpggCgn0v/
cIM2Ft0q8nN4NJEKWhthOXE=
=5KUw
-----END PGP SIGNATURE-----