Message-Id: <E1VRib5-0000e1-2Q@titan.mandriva.com>
Date: Thu, 03 Oct 2013 15:05:36 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:245 ] proftpd
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:245
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : proftpd
Date : October 3, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in proftpd:
Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and
1.3.5r3 allows remote attackers to cause a denial of service (memory
consumption) via a large response count value in an authentication
request, which triggers a large memory allocation (CVE-2013-4359).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4359
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
Mandriva Enterprise Server 5/X86_64:
Mandriva Business Server 1/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFSTT7qmqjQ0CJFipgRAu9bAKCZsiuPTXGuvLZTkvxf23exPoZcpACgv+73
Gv+V6+AGVqv7ba+Hw0XjuD4=
=i2z0
-----END PGP SIGNATURE-----
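
An added example, not part of the advisory and not ProFTPD's code or the vendor patch: the bug class described above (a peer-supplied response count driving an allocation) is closed by bounding the count before any memory is requested. The function names, the wire layout (a 32-bit count followed by length-prefixed strings, as in SSH keyboard-interactive replies) and the cap MAX_RESPONSES are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed policy cap for this example; not a value taken from ProFTPD. */
#define MAX_RESPONSES 64u

/* Read a big-endian uint32 (SSH wire order) and advance the cursor. */
static int read_u32(const uint8_t **p, size_t *left, uint32_t *out) {
    if (*left < 4) return -1;
    *out = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) |
           ((uint32_t)(*p)[2] << 8)  |  (uint32_t)(*p)[3];
    *p += 4;
    *left -= 4;
    return 0;
}

/*
 * Hypothetical helper: parse the response count at the start of msg and
 * allocate one pointer slot per response.
 * Returns 0 on success, -1 if the message is rejected.
 */
int alloc_response_slots(const uint8_t *msg, size_t len,
                         char ***slots, uint32_t *count) {
    uint32_t n;

    *slots = NULL;
    *count = 0;
    if (read_u32(&msg, &len, &n) != 0) return -1;

    /* 1. Policy bound: refuse counts no legitimate client would send. */
    if (n > MAX_RESPONSES) return -1;
    /* 2. Consistency: each response carries a 4-byte length prefix, so
     *    the count cannot exceed what the remaining bytes can hold. */
    if ((size_t)n > len / 4) return -1;
    /* 3. Arithmetic: n * sizeof(char *) must not wrap around size_t. */
    if ((size_t)n > SIZE_MAX / sizeof(char *)) return -1;

    /* Allocate at least one slot so success never yields a NULL table. */
    *slots = calloc(n ? n : 1, sizeof(char *));
    if (*slots == NULL) return -1;
    *count = n;
    return 0;
}
```

Check 2 alone already ties the allocation size to the number of bytes the peer actually sent; the fixed cap in check 1 keeps the limit independent of the transport's maximum packet size.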