Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 710730 (CVE-2020-9272, CVE-2020-9273) - <net-ftp/proftpd-1.3.6c: use-after-free in alloc_pool in pool.c (CVE-2020-{9272,9273})
Summary: <net-ftp/proftpd-1.3.6c: use-after-free in alloc_pool in pool.c (CVE-2020-{92...
Status: RESOLVED FIXED
Alias: CVE-2020-9272, CVE-2020-9273
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://github.com/proftpd/proftpd/is...
Whiteboard: B2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-02-24 23:59 UTC by GLSAMaker/CVETool Bot
Modified: 2020-05-02 17:53 UTC (History)
1 user (show)

See Also:
Package list:
net-ftp/proftpd-1.3.6c
Runtime testing required: ---
nattka: sanity-check-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2020-02-24 23:59:02 UTC
CVE-2020-9273 (https://nvd.nist.gov/vuln/detail/CVE-2020-9273):
  In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting
  the data transfer channel. This triggers a use-after-free in alloc_pool in
  pool.c, and possible remote code execution.
Comment 2 Larry the Git Cow gentoo-dev 2020-02-25 08:39:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfa4622ef7d68e3fb14fc62e84d9ad549338373d

commit bfa4622ef7d68e3fb14fc62e84d9ad549338373d
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-02-25 08:39:33 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-02-25 08:39:51 +0000

    net-ftp/proftpd: bump up to 1.3.6c, bug #710730
    
    Bug: https://bugs.gentoo.org/710730
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 net-ftp/proftpd/Manifest              |   1 +
 net-ftp/proftpd/proftpd-1.3.6c.ebuild | 274 ++++++++++++++++++++++++++++++++++
 2 files changed, 275 insertions(+)
Comment 3 Sam James archtester gentoo-dev Security 2020-03-01 18:49:30 UTC
This also fixes CVE-2020-9272.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2020-03-15 06:43:21 UTC
CVE-2020-9272 (https://nvd.nist.gov/vuln/detail/CVE-2020-9272):
  ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via
  the cap_text.c cap_to_text function.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2020-03-15 06:44:03 UTC
CVE-2020-9272 (https://nvd.nist.gov/vuln/detail/CVE-2020-9272):
  ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via
  the cap_text.c cap_to_text function.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev Security 2020-03-15 06:46:18 UTC
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.

proftpd-1.3.6c
Comment 7 Rolf Eike Beer 2020-03-16 17:42:04 UTC
sparc stable
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-03-16 21:10:58 UTC
This issue was resolved and addressed in
 GLSA 202003-35 at https://security.gentoo.org/glsa/202003-35
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 9 Thomas Deutschmann gentoo-dev Security 2020-03-16 21:11:36 UTC
Re-opening for remaining architectures.
Comment 10 Agostino Sarubbo gentoo-dev 2020-03-17 18:45:18 UTC
amd64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2020-03-18 09:46:37 UTC
arm stable
Comment 12 Agostino Sarubbo gentoo-dev 2020-03-18 09:56:13 UTC
ia64 stable
Comment 13 Agostino Sarubbo gentoo-dev 2020-03-18 11:12:31 UTC
ppc stable
Comment 14 Agostino Sarubbo gentoo-dev 2020-03-18 11:14:17 UTC
ppc64 stable
Comment 15 Agostino Sarubbo gentoo-dev 2020-03-18 15:22:49 UTC
x86 stable
Comment 16 Rolf Eike Beer 2020-03-18 18:20:43 UTC
hppa stable
Comment 17 Sam James archtester gentoo-dev Security 2020-03-18 20:04:15 UTC
Thanks arches.

@maintainer(s), ok to cleanup?
Comment 18 Larry the Git Cow gentoo-dev 2020-03-18 21:30:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=195ad646be2d92d29e5dbd218a7918d633b12b29

commit 195ad646be2d92d29e5dbd218a7918d633b12b29
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-03-18 21:30:45 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-03-18 21:30:52 +0000

    net-ftp/proftpd: drop <net-ftp/proftpd-1.3.6c, bug #710730
    
    Bug: https://bugs.gentoo.org/710730
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 net-ftp/proftpd/Manifest                 |   1 -
 net-ftp/proftpd/proftpd-1.3.6b-r1.ebuild | 275 -------------------------------
 2 files changed, 276 deletions(-)
Comment 19 Yury German Gentoo Infrastructure gentoo-dev Security 2020-03-20 03:07:35 UTC
Arches and Maintainer(s), Thank you for your work.

Closing since GLSA was released
Comment 20 NATTkA bot gentoo-dev 2020-04-06 14:49:17 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 21 NATTkA bot gentoo-dev 2020-05-02 17:52:36 UTC
Unable to check for sanity:

> no match for package: net-ftp/proftpd-1.3.6c