lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1GwUZI-0005qh-Q4@mercury.mandriva.com>
Date: Mon, 18 Dec 2006 19:19:00 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2006:232 ] - Updated proftpd packages fix
	mod_ctrls vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:232
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : proftpd
 Date    : December 18, 2006
 Affected: 2007.0
 _______________________________________________________________________
 
 Problem Description:
 
 Stack-based buffer overflow in the pr_ctrls_recv_request function in
 ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local
 users to execute arbitrary code via a large reqarglen length value.

 Packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6563
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 afa8803b9eede3fb73f55d31cb33e594  2007.0/i586/proftpd-1.3.0-4.4mdv2007.0.i586.rpm
 a1239dcf4957c20d234084c22a063812  2007.0/i586/proftpd-anonymous-1.3.0-4.4mdv2007.0.i586.rpm
 e9e9a955957310f3ef26fa55e24a191d  2007.0/i586/proftpd-mod_autohost-1.3.0-4.4mdv2007.0.i586.rpm
 f1b9111ed66ef2316e386e992bff56a8  2007.0/i586/proftpd-mod_case-1.3.0-4.4mdv2007.0.i586.rpm
 2f2aa9286bc126898cb23eaac5547cc0  2007.0/i586/proftpd-mod_clamav-1.3.0-4.4mdv2007.0.i586.rpm
 c5c71f0f78f6506842756ba9c79d121e  2007.0/i586/proftpd-mod_ctrls_admin-1.3.0-4.4mdv2007.0.i586.rpm
 bafbeb5bfc0684fcd053caec876646e8  2007.0/i586/proftpd-mod_facl-1.3.0-4.4mdv2007.0.i586.rpm
 4f4c8bd3a36ff3b68e7a479590a3ee25  2007.0/i586/proftpd-mod_gss-1.3.0-4.4mdv2007.0.i586.rpm
 d5c741aec06c740e9d7f035a887f68d5  2007.0/i586/proftpd-mod_ifsession-1.3.0-4.4mdv2007.0.i586.rpm
 e61958daf818219eb409565efb0be974  2007.0/i586/proftpd-mod_ldap-1.3.0-4.4mdv2007.0.i586.rpm
 c6f84f04b1a35ef26d6985a9063f0993  2007.0/i586/proftpd-mod_load-1.3.0-4.4mdv2007.0.i586.rpm
 dc0fec8773907dd7739fab6f5f6a5c78  2007.0/i586/proftpd-mod_quotatab-1.3.0-4.4mdv2007.0.i586.rpm
 860e998696b9140c94357457136be823  2007.0/i586/proftpd-mod_quotatab_file-1.3.0-4.4mdv2007.0.i586.rpm
 31478a97cf53f3da2b02ff26a19f9f69  2007.0/i586/proftpd-mod_quotatab_ldap-1.3.0-4.4mdv2007.0.i586.rpm
 355b61338fd647be4054d19e6c01587c  2007.0/i586/proftpd-mod_quotatab_sql-1.3.0-4.4mdv2007.0.i586.rpm
 aef74c8839a8cb1fef322573a5c8d484  2007.0/i586/proftpd-mod_radius-1.3.0-4.4mdv2007.0.i586.rpm
 39b8c05989e14fc1aeb6fd1395d43973  2007.0/i586/proftpd-mod_ratio-1.3.0-4.4mdv2007.0.i586.rpm
 61317e3f7742f4de4cfb26780f5cdd9a  2007.0/i586/proftpd-mod_rewrite-1.3.0-4.4mdv2007.0.i586.rpm
 4eba5eb110289f346d1ba0881ac82d50  2007.0/i586/proftpd-mod_shaper-1.3.0-4.4mdv2007.0.i586.rpm
 481a8ed2e0ffbc03751d26cd2ae0acb3  2007.0/i586/proftpd-mod_site_misc-1.3.0-4.4mdv2007.0.i586.rpm
 76e926b07afbe8748f0ca072a1456c9b  2007.0/i586/proftpd-mod_sql-1.3.0-4.4mdv2007.0.i586.rpm
 834b63d40bb375af7694165303dbaf54  2007.0/i586/proftpd-mod_sql_mysql-1.3.0-4.4mdv2007.0.i586.rpm
 68190d61d5f9dc321d5e96eebdc6bc17  2007.0/i586/proftpd-mod_sql_postgres-1.3.0-4.4mdv2007.0.i586.rpm
 d2a242a9d88ac200a5715ec3a979627d  2007.0/i586/proftpd-mod_time-1.3.0-4.4mdv2007.0.i586.rpm
 a5d110ed77605d7056795a759d620774  2007.0/i586/proftpd-mod_tls-1.3.0-4.4mdv2007.0.i586.rpm
 6d563b023289499bafa6438e18bea304  2007.0/i586/proftpd-mod_wrap-1.3.0-4.4mdv2007.0.i586.rpm
 97066280186fe51879b1f9f83a0fe865  2007.0/i586/proftpd-mod_wrap_file-1.3.0-4.4mdv2007.0.i586.rpm
 2a8ffd5324411ca4c5579b0f3cc821e0  2007.0/i586/proftpd-mod_wrap_sql-1.3.0-4.4mdv2007.0.i586.rpm 
 9ebf57be4074ca06a03e73ea67157225  2007.0/SRPMS/proftpd-1.3.0-4.4mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 952398679665b5a5647ef5f879797074  2007.0/x86_64/proftpd-1.3.0-4.4mdv2007.0.x86_64.rpm
 b67b546a78493bc67296b001da9f6dc5  2007.0/x86_64/proftpd-anonymous-1.3.0-4.4mdv2007.0.x86_64.rpm
 57d7228f8190ad5956221ddd33748b2d  2007.0/x86_64/proftpd-mod_autohost-1.3.0-4.4mdv2007.0.x86_64.rpm
 c81674d9864512a2b47b00a4b9fc7ea2  2007.0/x86_64/proftpd-mod_case-1.3.0-4.4mdv2007.0.x86_64.rpm
 38629437de2866467dbee64942ef3d55  2007.0/x86_64/proftpd-mod_clamav-1.3.0-4.4mdv2007.0.x86_64.rpm
 59b89afa67aa44cf302b4585738d6b0c  2007.0/x86_64/proftpd-mod_ctrls_admin-1.3.0-4.4mdv2007.0.x86_64.rpm
 11d2e9e34803433fb623bff58e19fcc3  2007.0/x86_64/proftpd-mod_facl-1.3.0-4.4mdv2007.0.x86_64.rpm
 904dc5ff6e1ca7205eb28a0d31db67df  2007.0/x86_64/proftpd-mod_gss-1.3.0-4.4mdv2007.0.x86_64.rpm
 c3eed275e17b61dc989e898531c3f2ed  2007.0/x86_64/proftpd-mod_ifsession-1.3.0-4.4mdv2007.0.x86_64.rpm
 a060e67e5b0fe1e15dbc2e6d148de9b2  2007.0/x86_64/proftpd-mod_ldap-1.3.0-4.4mdv2007.0.x86_64.rpm
 959febcf9f74abccf5e3f249b3cd4501  2007.0/x86_64/proftpd-mod_load-1.3.0-4.4mdv2007.0.x86_64.rpm
 f0807b9080f431540bfe8b5729b2005f  2007.0/x86_64/proftpd-mod_quotatab-1.3.0-4.4mdv2007.0.x86_64.rpm
 b0c463356a8cbc6140d6ea7b28c6dc72  2007.0/x86_64/proftpd-mod_quotatab_file-1.3.0-4.4mdv2007.0.x86_64.rpm
 7dc4d54215124488579a572f49e4eea8  2007.0/x86_64/proftpd-mod_quotatab_ldap-1.3.0-4.4mdv2007.0.x86_64.rpm
 2e8fbfc88d28b2fd367088ffb66b044e  2007.0/x86_64/proftpd-mod_quotatab_sql-1.3.0-4.4mdv2007.0.x86_64.rpm
 6569fcc36cc6d11dfcc50db89a33037f  2007.0/x86_64/proftpd-mod_radius-1.3.0-4.4mdv2007.0.x86_64.rpm
 39838f915a30da0f1ed0245fc521051e  2007.0/x86_64/proftpd-mod_ratio-1.3.0-4.4mdv2007.0.x86_64.rpm
 dd89c2a4e5878c440fa506b36104f0fb  2007.0/x86_64/proftpd-mod_rewrite-1.3.0-4.4mdv2007.0.x86_64.rpm
 4b581f3bc61e0d34ff91f4dfad973ea1  2007.0/x86_64/proftpd-mod_shaper-1.3.0-4.4mdv2007.0.x86_64.rpm
 37c2b30dcfc23cd9d1b6483e3b436442  2007.0/x86_64/proftpd-mod_site_misc-1.3.0-4.4mdv2007.0.x86_64.rpm
 a6ea95e4cdc9c3a17d06442c41169d69  2007.0/x86_64/proftpd-mod_sql-1.3.0-4.4mdv2007.0.x86_64.rpm
 a7011c17a1a97a32b46a0a125fcaa28e  2007.0/x86_64/proftpd-mod_sql_mysql-1.3.0-4.4mdv2007.0.x86_64.rpm
 f65a272ba0af2f52a26fba6ebd216ee0  2007.0/x86_64/proftpd-mod_sql_postgres-1.3.0-4.4mdv2007.0.x86_64.rpm
 3187bcd5a199bbdafa6b49a43eb6cf91  2007.0/x86_64/proftpd-mod_time-1.3.0-4.4mdv2007.0.x86_64.rpm
 296952dc6fd46b23a309e762d7784044  2007.0/x86_64/proftpd-mod_tls-1.3.0-4.4mdv2007.0.x86_64.rpm
 dad6e49ca6ea17a06d22740532acfc33  2007.0/x86_64/proftpd-mod_wrap-1.3.0-4.4mdv2007.0.x86_64.rpm
 c3fa12831336500d533262efe59541a7  2007.0/x86_64/proftpd-mod_wrap_file-1.3.0-4.4mdv2007.0.x86_64.rpm
 3359395a670ecb3d7a94fc9e5d75373a  2007.0/x86_64/proftpd-mod_wrap_sql-1.3.0-4.4mdv2007.0.x86_64.rpm 
 9ebf57be4074ca06a03e73ea67157225  2007.0/SRPMS/proftpd-1.3.0-4.4mdv2007.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFhyHEmqjQ0CJFipgRAszVAKDv2+bcq/wUxBU+DoUAIULG2/3GnACfctm9
T7DEwmtzr0kb7QLa9xkBPH0=
=ZF2C
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ