Message-Id: <E1UO9vl-0006t4-8M@titan.mandriva.com>
Date: Fri, 05 Apr 2013 18:56:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:053 ] proftpd
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:053
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : proftpd
Date : April 5, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in proftpd:
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows
local users to modify the ownership of arbitrary files via a race
condition and a symlink attack on the (1) MKD or (2) XMKD commands
(CVE-2012-6095).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6095
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
Mandriva Enterprise Server 5/X86_64:
Mandriva Business Server 1/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRXta/mqjQ0CJFipgRAjkMAJ9Jfo6qxIQacm1aJqZueaeMIRjA3gCgqibo
q2xaoMFyZ182AziVedoKKRw=
=70PS
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
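
The race described in the advisory arises when a directory is created and its ownership is then changed by path name. The following C example is added here for illustration and is not ProFTPD's code or the Mandriva patch; it contrasts that pattern with a descriptor-based one. All function names and the temporary-directory scenario are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern, for contrast: chown() resolves the path a second time and
 * follows a symlink swapped in after mkdir(), redirecting the change. */
int mkdir_owned_racy(const char *path, mode_t mode, uid_t uid, gid_t gid) {
    if (mkdir(path, mode) != 0) return -1;
    return chown(path, uid, gid);
}

/* Hardened: pin the final path component with a descriptor that refuses
 * symlinks, confirm it is a directory, then change owner on the descriptor.
 * O_NOFOLLOW covers only the last component; parents must be trusted. */
int chown_dir_nofollow(const char *path, uid_t uid, gid_t gid) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;              /* symlink: ELOOP or ENOTDIR */
    int rc = -1;
    if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode))
        rc = fchown(fd, uid, gid);
    close(fd);
    return rc;
}

int mkdir_owned_safe(const char *path, mode_t mode, uid_t uid, gid_t gid) {
    if (mkdir(path, mode) != 0) return -1;
    return chown_dir_nofollow(path, uid, gid);
}

/* Constructed scenario in a private temp dir: "swapped" stands in for a
 * path that was replaced by a symlink to "target". Returns 0 when the safe
 * helper accepts a real directory and refuses the symlink. */
int selftest(void) {
    char base[] = "/tmp/mkd-owner-XXXXXX";
    if (!mkdtemp(base) || chdir(base) != 0) return -1;
    if (mkdir_owned_safe("newdir", 0700, geteuid(), getegid()) != 0) return 1;
    if (mkdir("target", 0700) != 0 || symlink("target", "swapped") != 0) return -1;
    if (chown_dir_nofollow("swapped", geteuid(), getegid()) == 0) return 2;
    return 0;
}

int main(void) {
    int rc = selftest();
    printf("selftest: %d\n", rc);
    return rc;
}
```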