Package name
proftpd
Date
2006-11-30
Advisory ID
MDKSA-2006:217-1
Affected versions
CS4.0 x86_64, 2006.0 i586, 2007.0 x86_64, 2007.0 i586, CS3.0 x86_64, CS4.0 i586, CS3.0 i586, 2006.0 x86_64

Problem description

A stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0
and earlier allows remote attackers to cause a denial of service, as
demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
(CVE-2006-5815)

Buffer overflow in the tls_x509_name_oneline function in the mod_tls
module, as used in ProFTPD 1.3.0a and earlier, and possibly other
products, allows remote attackers to execute arbitrary code via a large
data length argument, a different vulnerability than CVE-2006-5815.
(CVE-2006-6170)

ProFTPD 1.3.0a and earlier does not properly set the buffer size limit
when CommandBufferSize is specified in the configuration file, which
leads to an off-by-two buffer underflow. NOTE: in November 2006, the
role of CommandBufferSize was originally associated with CVE-2006-5815,
but this was an error stemming from an initial vague disclosure. NOTE:
ProFTPD developers dispute this issue, saying that the relevant memory
location is overwritten by assignment before further use within the
affected function, so this is not a vulnerability. (CVE-2006-6171)

Packages have been patched to correct these issues.

Update:

The previous update incorrectly linked the vd_proftpd.pm issue with the
CommandBufferSize issue. These are two distinct issues, and the previous
update addressed only the CommandBufferSize issue (CVE-2006-6171) and the
mod_tls issue (CVE-2006-6170).

Updated packages

References