Message-Id: <E1UO9vl-0006t4-8M@titan.mandriva.com>
Date: Fri, 05 Apr 2013 18:56:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:053 ] proftpd

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:053
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : proftpd
 Date    : April 5, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in proftpd:
 
 ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows
 local users to modify the ownership of arbitrary files via a race
 condition and a symlink attack on the (1) MKD or (2) XMKD commands
 (CVE-2012-6095).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6095
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:

 Mandriva Enterprise Server 5/X86_64:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRXta/mqjQ0CJFipgRAjkMAJ9Jfo6qxIQacm1aJqZueaeMIRjA3gCgqibo
q2xaoMFyZ182AziVedoKKRw=
=70PS
-----END PGP SIGNATURE-----
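
The bug class the advisory names, a path resolved again between creating a directory and changing its ownership, shown next to a descriptor-based form that closes that window. This is an added illustration, not ProFTPD's source or the patch shipped in these packages; the function names are hypothetical and Linux with the POSIX.1-2008 `*at` calls is assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Racy shape (kept for contrast): chown() resolves the path a second time
 * and follows symlinks, so if the new directory is replaced by a symlink
 * between the two calls, the ownership change lands on the link target. */
int mkdir_owned_racy(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
    if (mkdir(path, mode) != 0)
        return -1;
    return chown(path, uid, gid);   /* second lookup: the race window */
}

/* Hardened shape: pin the object with a descriptor, verify what was
 * opened, then change ownership through the descriptor so the name is
 * never looked up again. Assumes the caller may read the directory. */
int chown_dir_nofollow(int parent_fd, const char *name, uid_t uid, gid_t gid)
{
    struct stat st;
    int rc = -1;
    int fd = openat(parent_fd, name,
                    O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                  /* symlink or non-directory: refuse */
    if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode))
        rc = fchown(fd, uid, gid);  /* acts on the inode, not the path */
    else
        errno = ENOTDIR;
    close(fd);
    return rc;
}

/* Create `name` under an already-open parent directory and hand it to
 * uid/gid without ever following a symlink at `name`. */
int mkdir_owned_safe(int parent_fd, const char *name, mode_t mode,
                     uid_t uid, gid_t gid)
{
    if (mkdirat(parent_fd, name, mode) != 0)
        return -1;                  /* includes EEXIST: never reuse a name */
    return chown_dir_nofollow(parent_fd, name, uid, gid);
}
```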
