357535 – net-ftp/proftpd: integer overflow in mod_sftp (CVE-2011-1137)

Bug 357535 - net-ftp/proftpd: integer overflow in mod_sftp (CVE-2011-1137)

Summary: net-ftp/proftpd: integer overflow in mod_sftp (CVE-2011-1137)

Status:	RESOLVED DUPLICATE of bug 354080

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://bugs.proftpd.org/show_bug.cgi?...
Whiteboard:	B3? [upstream/ebuild?]
Keywords:

Depends on:
Blocks:

Reported:	2011-03-05 15:03 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified:	2011-03-05 21:30 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2011-03-05 15:03:21 UTC

An integer overflow flaw was reported [1],[2] in the mod_sftp module of
ProFTPD.  If a specially crafted SSH message was sent to a ProFTPD server using
mod_sftp, it could lead to the allocation of enormous amounts of memory and an
eventual OOM termination by the kernel.  This issue was assigned the name
CVE-2011-1137 [3].  It was fixed in CVS [4],[5],[6]

References:

[1] http://bugs.proftpd.org/show_bug.cgi?id=3586
[2] http://www.exploit-db.com/exploits/16129/
[3] http://www.openwall.com/lists/oss-security/2011/03/02/5
[4]
http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3
[5]
http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1
[6]
http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2

https://bugzilla.redhat.com/show_bug.cgi?id=681718

Comment 1 Tim Sammut (RETIRED) gentoo-dev

2011-03-05 21:30:33 UTC


*** This bug has been marked as a duplicate of bug 354080 ***