Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 733376 - <net-ftp/proftpd-1.3.7a: Authenticated DoS
Summary: <net-ftp/proftpd-1.3.7a: Authenticated DoS
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/proftpd/proftpd/is...
Whiteboard: C3 [glsa+]
Keywords:
Depends on: 738674
Blocks:
  Show dependency tree
 
Reported: 2020-07-21 05:23 UTC by John Helmert III (ajak)
Modified: 2020-09-13 23:43 UTC (History)
1 user (show)

See Also:
Package list:
net-ftp/proftpd-1.3.7a *
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III (ajak) 2020-07-21 05:23:52 UTC
From $URL:

Fabian Vogt reported via email that while debugging an issue with libssh+mod_sftp, he accidentially stumbled upon a
reliable way to crash the proftpd server process (ProFTPD Version 1.3.6d):

ssh user@server scp

This causes sftp_scp_set_params to call getopt() with argc=2 and argv of ["scp", NULL], which leads to a null deref in getopt(). This does not happen with plain scp as client, because it passes the target path as non-option argument and so getopt() does not even reach the invalid last argv pointer.
Comment 1 John Helmert III (ajak) 2020-07-21 05:24:58 UTC
Maintainer, please bump to 1.3.7.
Comment 2 Larry the Git Cow gentoo-dev 2020-07-21 07:16:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f696442ef121d976168fed565b7e76cb4c6ab5a6

commit f696442ef121d976168fed565b7e76cb4c6ab5a6
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-07-21 07:16:01 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-07-21 07:16:18 +0000

    net-ftp/proftpd: bump up to 1.3.7
    
    Bug: https://bugs.gentoo.org/733376
    Package-Manager: Portage-3.0.0, Repoman-2.3.23
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 net-ftp/proftpd/Manifest             |   1 +
 net-ftp/proftpd/proftpd-1.3.7.ebuild | 275 +++++++++++++++++++++++++++++++++++
 2 files changed, 276 insertions(+)
Comment 3 John Helmert III (ajak) 2020-07-21 18:31:36 UTC
commit 931ba0027e9147bb1c40346d49718518195a105b
Author: Sergei Trofimovich <slyfox@gentoo.org>
Date:   Tue Jul 21 19:15:05 2020 +0100

    net-ftp/proftpd: bump up to 1.3.7a

    Package-Manager: Portage-3.0.0, Repoman-2.3.23
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 create mode 100644 net-ftp/proftpd/proftpd-1.3.7a.ebuild

commit 67a88ab29c7b4fc82630528bbef7ec270094c651
Author: Sergei Trofimovich <slyfox@gentoo.org>
Date:   Tue Jul 21 19:16:00 2020 +0100

    profiles/package.mask: drop proftpd-1.3.7 mask

    The 1.3.7 ebuild is removed and fixed 1.3.7a version is available.

    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>



Thanks Sergei. Let's stable 1.3.7a when ready.
Comment 4 Sam James gentoo-dev Security 2020-08-11 08:33:21 UTC
ping
Comment 5 John Helmert III (ajak) 2020-09-10 02:18:28 UTC
Tree is clean:

commit 6e34b2123f7d2fa2d3c09c422e0ccae037b58353
Author: Sergei Trofimovich <slyfox@gentoo.org>
Date:   Mon Sep 7 21:45:21 2020 +0100

    net-ftp/proftpd: drop old

    Package-Manager: Portage-3.0.5, Repoman-3.0.1
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 delete mode 100644 net-ftp/proftpd/proftpd-1.3.7_rc4-r1.ebuild
Comment 6 Thomas Deutschmann gentoo-dev Security 2020-09-12 20:09:49 UTC
New GLSA request filed.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2020-09-13 23:43:31 UTC
This issue was resolved and addressed in
 GLSA 202009-11 at https://security.gentoo.org/glsa/202009-11
by GLSA coordinator Thomas Deutschmann (whissi).