MDKSA-2005:140

Package name

proftpd

Date

2005-08-15

Advisory ID

MDKSA-2005:140

Affected versions

10.2 x86_64 , 10.0 amd64 , 10.2 i586 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , 10.1 x86_64

Problem description

Two format string vulnerabilities were discovered in ProFTPD. The first exists when displaying a shutdown message containin the name of the current directory. This could be exploited by a user who creates a directory containing format specifiers and sets the directory as the current directory when the shutdown message is being sent. The second exists when displaying response messages to the cleint using information retreived from a database using mod_sql. Note that mod_sql support is not enabled by default, but the contrib source file has been patched regardless. The updated packages have been patched to correct these problems.

Updated packages

10.2 x86_64

 9077e02a37afaeef184095d5e32d4795  x86_64/10.2/RPMS/proftpd-1.2.10-9.1.102mdk.x86_64.rpm
6f7e7a053d2a8d3872efdd87dcf1227f  x86_64/10.2/RPMS/proftpd-anonymous-1.2.10-9.1.102mdk.x86_64.rpm
332bc621d075cce043964146d874eefc  x86_64/10.2/SRPMS/proftpd-1.2.10-9.1.102mdk.src.rpm

10.0 amd64

 23c5bf83875f00ab5f554029c6aa9177  amd64/10.0/RPMS/proftpd-1.2.9-3.3.100mdk.amd64.rpm
80b34a20f86d090c0b1f19972f213af8  amd64/10.0/RPMS/proftpd-anonymous-1.2.9-3.3.100mdk.amd64.rpm
cef8ec2cd6a3ec3c1e2b737221cbf97c  amd64/10.0/SRPMS/proftpd-1.2.9-3.3.100mdk.src.rpm

10.2 i586

 62c9ac6c9f9cefe3ae26d00287430abd  10.2/RPMS/proftpd-1.2.10-9.1.102mdk.i586.rpm
77020ac5c67cf4ed616a4d858cbdca61  10.2/RPMS/proftpd-anonymous-1.2.10-9.1.102mdk.i586.rpm
332bc621d075cce043964146d874eefc  10.2/SRPMS/proftpd-1.2.10-9.1.102mdk.src.rpm

10.1 i586

 68039b1c9e9090856e8e93c11edc3c10  10.1/RPMS/proftpd-1.2.10-2.1.101mdk.i586.rpm
0952d937b0d8432eeb365ea07ba267b9  10.1/RPMS/proftpd-anonymous-1.2.10-2.1.101mdk.i586.rpm
fafda6527589ac244691743278c5fb2f  10.1/SRPMS/proftpd-1.2.10-2.1.101mdk.src.rpm

10.0 i586

 9754b8d4357f6843ed9f613d1daeca4e  10.0/RPMS/proftpd-1.2.9-3.3.100mdk.i586.rpm
9009783efdf84c2f92a988e6268f0631  10.0/RPMS/proftpd-anonymous-1.2.9-3.3.100mdk.i586.rpm
cef8ec2cd6a3ec3c1e2b737221cbf97c  10.0/SRPMS/proftpd-1.2.9-3.3.100mdk.src.rpm

CS3.0 x86_64

 96d72d9503f3b7f86d7b162453f9f25c  x86_64/corporate/3.0/RPMS/proftpd-1.2.9-3.3.C30mdk.x86_64.rpm
eff847004e164052d380b9937ec641ee  x86_64/corporate/3.0/RPMS/proftpd-anonymous-1.2.9-3.3.C30mdk.x86_64.rpm
b71bb2a58e0ac2d224c2fc332fbccdc7  x86_64/corporate/3.0/SRPMS/proftpd-1.2.9-3.3.C30mdk.src.rpm

CS3.0 i586

 ed09c8c53d71e04c21ffaf1d647722c1  corporate/3.0/RPMS/proftpd-1.2.9-3.3.C30mdk.i586.rpm
5885b14d6817c11ef29c03aed76cb61f  corporate/3.0/RPMS/proftpd-anonymous-1.2.9-3.3.C30mdk.i586.rpm
b71bb2a58e0ac2d224c2fc332fbccdc7  corporate/3.0/SRPMS/proftpd-1.2.9-3.3.C30mdk.src.rpm

10.1 x86_64

 1c37bda199475b68dae530c06285222f  x86_64/10.1/RPMS/proftpd-1.2.10-2.1.101mdk.x86_64.rpm
4e2c3f72c6bc1710e82f81d919df4a0d  x86_64/10.1/RPMS/proftpd-anonymous-1.2.10-2.1.101mdk.x86_64.rpm
fafda6527589ac244691743278c5fb2f  x86_64/10.1/SRPMS/proftpd-1.2.10-2.1.101mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2390
• http://secunia.com/advisories/16181