Message-Id: <E1VRib5-0000e1-2Q@titan.mandriva.com>
Date: Thu, 03 Oct 2013 15:05:36 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:245 ] proftpd

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:245
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : proftpd
 Date    : October 3, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in proftpd:
 
 Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and
 1.3.5r3 allows remote attackers to cause a denial of service (memory
 consumption) via a large response count value in an authentication
 request, which triggers a large memory allocation (CVE-2013-4359).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4359
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:

 Mandriva Enterprise Server 5/X86_64:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSTT7qmqjQ0CJFipgRAu9bAKCZsiuPTXGuvLZTkvxf23exPoZcpACgv+73
Gv+V6+AGVqv7ba+Hw0XjuD4=
=i2z0
-----END PGP SIGNATURE-----
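
The bug class described in the advisory above, as an added example that is not part of the original message and is not ProFTPD's code: a peer-supplied 32-bit response count used directly to size an allocation, beside a form that validates the count before anything is allocated. The wire layout (big-endian count followed by length-prefixed strings), MAX_RESPONSES, SLOT_SIZE and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_RESPONSES 64u /* hypothetical cap chosen for this example */
#define SLOT_SIZE 8u      /* assumed bytes reserved per response slot */

/* Constructed sample: count=2, then "ab" and "c" as length-prefixed strings. */
static const uint8_t SAMPLE_OK[] = {0,0,0,2, 0,0,0,2,'a','b', 0,0,0,1,'c'};
/* Constructed sample: count=0xFFFFFFFF with no response data behind it. */
static const uint8_t SAMPLE_HUGE[] = {0xFF,0xFF,0xFF,0xFF};

static uint32_t get_u32(const uint8_t *p) { /* big-endian wire integer */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Weak pattern: allocation size taken straight from the peer's count.
 * The 32-bit product wraps for large counts; below the wrap point it is
 * simply as large as the peer asks. */
uint32_t unchecked_alloc_size(const uint8_t *msg) {
    return get_u32(msg) * SLOT_SIZE;
}

/* Hardened pattern: returns the validated count, or -1 to reject. */
long checked_response_count(const uint8_t *msg, size_t len, uint32_t prompts_sent) {
    if (len < 4) return -1;
    uint32_t count = get_u32(msg);
    size_t remaining = len - 4;
    if (count != prompts_sent) return -1;  /* server knows what it asked for */
    if (count > MAX_RESPONSES) return -1;  /* absolute ceiling */
    if (count > remaining / 4) return -1;  /* each string needs a 4-byte length */
    const uint8_t *p = msg + 4;
    for (uint32_t i = 0; i < count; i++) { /* every string must fit the packet */
        if (remaining < 4) return -1;
        uint32_t slen = get_u32(p);
        p += 4; remaining -= 4;
        if (slen > remaining) return -1;
        p += slen; remaining -= slen;
    }
    return (long)count;
}

int main(void) {
    printf("unchecked size: %u\n", (unsigned)unchecked_alloc_size(SAMPLE_HUGE));
    printf("checked ok:     %ld\n", checked_response_count(SAMPLE_OK, sizeof SAMPLE_OK, 2));
    printf("checked huge:   %ld\n", checked_response_count(SAMPLE_HUGE, sizeof SAMPLE_HUGE, 0xFFFFFFFFu));
    return 0;
}
```

Only after checked_response_count succeeds should memory for the responses be reserved, sized from the validated count.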
