Message-Id: <E1GmHZU-0007Ne-Ex@mercury.mandriva.com>
Date: Mon, 20 Nov 2006 15:25:00 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:217
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : proftpd
 Date    : November 20, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 As disclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix,
 a Denial of Service (DoS) vulnerability exists in the FTP server
 ProFTPD, up to and including version 1.3.0.  The flaw is due to both a
 potential bus error and a definitive buffer overflow in the code which
 determines the FTP command buffer size limit. The vulnerability can be
 exploited only if the "CommandBufferSize" directive is explicitly used
 in the server configuration, which is not the case in the default
 configuration of ProFTPD.

 Packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFYf3ymqjQ0CJFipgRAvcRAJ91oK3DHG1R+twQlhUHjwRE2Kg/WACcC7sV
1GR8XH6WF+J7S1rz3go/LRo=
=NoMr
-----END PGP SIGNATURE-----
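
The advisory says the flaw can be exploited only when the "CommandBufferSize" directive is set explicitly. The check below is an added example, not part of the Mandriva advisory. It assumes the caller passes the configuration file paths (including any files pulled in by Include) and matches the directive name case-insensitively as a conservative choice; `find_cbs` and `demo` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the advisory: flag explicit CommandBufferSize
# directives, the precondition the advisory names for exploitability.

# find_cbs FILE...
# Prints "file:line: text" for each active CommandBufferSize directive.
# Returns 0 if any was found, 1 if none, 2 if a file is unreadable.
find_cbs() {
    for conf in "$@"; do
        [ -r "$conf" ] || { echo "cannot read: $conf" >&2; return 2; }
    done
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)   # directives may be indented inside blocks
            sub(/[ \t\r]+$/, "", line) # drop trailing blanks and CR
        }
        line ~ /^#/ { next }           # commented-out directives do not count
        tolower(line) ~ /^commandbuffersize([ \t]|$)/ {
            printf "%s:%d: %s\n", FILENAME, FNR, line
            found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

# Demo on a constructed configuration (sample content, not a real server's).
demo() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
ServerName "example"
# CommandBufferSize 256
<Global>
  commandbuffersize 512
</Global>
EOF
    find_cbs "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}

demo && echo "explicit CommandBufferSize present: apply the updated packages"
```

A return status of 1 means no active directive was found in the files given, which matches the default configuration the advisory describes.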
