Message-Id: <E1Q0XrZ-000476-Ji@titan.mandriva.com>
Date: Fri, 18 Mar 2011 12:29:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:047 ] proftpd
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:047
http://www.mandriva.com/security/
_______________________________________________________________________
Package : proftpd
Date : March 18, 2011
Affected: 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in proftpd:
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d
and earlier allows remote attackers to cause a denial of service
(memory consumption leading to OOM kill) via a malformed SSH message
(CVE-2011-1137).
Additionally for Mandriva Linux 2010.0 proftpd was upgraded to the
same version as in Mandriva Linux 2010.2.
The updated packages have been patched to correct this issue.
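
The advisory describes the flaw only as an integer overflow triggered by a malformed SSH message. As an added illustration of that bug class (not ProFTPD's code and not part of the advisory), this C example validates the length fields of an SSH binary packet header, as laid out in RFC 4253 section 6, before deriving a payload size from them. The function names, status codes and the 35000-byte cap are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SSH_MIN_PACKET_LEN 12u    /* 16-byte minimum packet minus 4-byte length field */
#define SSH_MAX_PACKET_LEN 35000u /* assumed policy cap (RFC 4253 baseline size) */
#define SSH_MIN_PADDING    4u     /* RFC 4253: at least four bytes of padding */

enum ssh_hdr_status { SSH_HDR_OK, SSH_HDR_SHORT, SSH_HDR_BAD_LEN, SSH_HDR_BAD_PAD };

/* Unchecked derivation: if padding_len + 1 > packet_len, the unsigned
 * subtraction wraps around to a value near 2^32. */
uint32_t payload_len_unchecked(uint32_t packet_len, uint8_t padding_len)
{
    return packet_len - padding_len - 1u;
}

/* Validate the first five bytes (uint32 packet_length, byte padding_length)
 * of a decrypted packet before deriving the payload length from them. */
enum ssh_hdr_status ssh_parse_header(const uint8_t *buf, size_t buflen,
                                     uint32_t *payload_len)
{
    if (buf == NULL || payload_len == NULL || buflen < 5)
        return SSH_HDR_SHORT;

    uint32_t packet_len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                          ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    uint8_t padding_len = buf[4];

    if (packet_len < SSH_MIN_PACKET_LEN || packet_len > SSH_MAX_PACKET_LEN)
        return SSH_HDR_BAD_LEN;           /* reject before any arithmetic */
    if (padding_len < SSH_MIN_PADDING || (uint32_t)padding_len + 1u > packet_len)
        return SSH_HDR_BAD_PAD;           /* subtraction below cannot wrap */

    *payload_len = packet_len - padding_len - 1u;
    return SSH_HDR_OK;
}

int main(void)
{
    /* Constructed sample headers, not captured traffic. */
    const uint8_t good[5] = {0x00, 0x00, 0x00, 0x1c, 0x0a}; /* 28-byte packet, 10 padding */
    const uint8_t bad[5]  = {0x00, 0x00, 0x00, 0x0c, 0x14}; /* 12-byte packet, 20 padding */
    uint32_t n = 0;
    printf("good: status=%d\n", ssh_parse_header(good, sizeof good, &n));
    printf("good: payload=%u\n", (unsigned)n);
    printf("bad:  status=%d\n", ssh_parse_header(bad, sizeof bad, &n));
    printf("unchecked(12, 20) = %u\n", (unsigned)payload_len_unchecked(12, 20));
}
```
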
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1137
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
Mandriva Linux 2010.0/X86_64:
Mandriva Linux 2010.1:
Mandriva Linux 2010.1/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNgxVlmqjQ0CJFipgRAgIIAJ4pzgeAkWAt3VgfYn+AkVG8f8mpggCgn0v/
cIM2Ft0q8nN4NJEKWhthOXE=
=5KUw
-----END PGP SIGNATURE-----