An integer overflow flaw was reported [1],[2] in the mod_sftp module of ProFTPD. If a specially crafted SSH message was sent to a ProFTPD server using mod_sftp, it could lead to the allocation of enormous amounts of memory and an eventual OOM termination by the kernel. This issue was assigned the name CVE-2011-1137 [3]. It was fixed in CVS [4],[5],[6] References: [1] http://bugs.proftpd.org/show_bug.cgi?id=3586 [2] http://www.exploit-db.com/exploits/16129/ [3] http://www.openwall.com/lists/oss-security/2011/03/02/5 [4] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3 [5] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1 [6] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2 https://bugzilla.redhat.com/show_bug.cgi?id=681718
*** This bug has been marked as a duplicate of bug 354080 ***