Package name
proftpd
Date
2006-12-18
Advisory ID
MDKSA-2006:232
Affected versions
2007.0 x86_64, 2007.0 i586

Problem description

Stack-based buffer overflow in the pr_ctrls_recv_request function in
ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local
users to execute arbitrary code via a large reqarglen length value.

Packages have been patched to correct this issue.
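
The bug class described above, a sender-supplied length trusted when filling a fixed-size stack buffer, is closed by validating the length before any copy. The C code below is an added example, not ProFTPD's or Mandriva's code; the message layout, the 512-byte buffer size, and the names `parse_request_arg`, `check_sample` and `ARG_*` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ARG_BUF_SIZE 512  /* assumed size of the fixed stack buffer */
enum { ARG_OK = 0, ARG_TRUNCATED = -1, ARG_TOO_LONG = -2 };  /* hypothetical codes */

/* Parse one argument from msg[0..msg_len), laid out (by assumption) as
 *   [unsigned int reqarglen][reqarglen bytes of argument]
 * and copy it, NUL-terminated, into out (out_size bytes). */
int parse_request_arg(const unsigned char *msg, size_t msg_len,
                      char *out, size_t out_size)
{
    unsigned int reqarglen;
    char arg[ARG_BUF_SIZE];              /* fixed-size stack buffer */

    if (msg_len < sizeof(reqarglen))
        return ARG_TRUNCATED;
    memcpy(&reqarglen, msg, sizeof(reqarglen));
    /* The sender-supplied length must fit the destination, with room for
     * the terminator, before any bytes are copied into the stack buffer. */
    if (reqarglen >= sizeof(arg) || reqarglen >= out_size)
        return ARG_TOO_LONG;
    /* It must also not claim more data than was actually received. */
    if (reqarglen > msg_len - sizeof(reqarglen))
        return ARG_TRUNCATED;
    memcpy(arg, msg + sizeof(reqarglen), reqarglen);
    arg[reqarglen] = '\0';
    memcpy(out, arg, (size_t)reqarglen + 1);
    return ARG_OK;
}

/* Build a constructed sample message and return the parser's verdict. */
int check_sample(unsigned int claimed_len, const char *payload)
{
    unsigned char msg[sizeof(unsigned int) + 64];
    char out[ARG_BUF_SIZE];
    size_t n = strlen(payload);
    if (n > 64) n = 64;
    memcpy(msg, &claimed_len, sizeof(claimed_len));
    memcpy(msg + sizeof(claimed_len), payload, n);
    return parse_request_arg(msg, sizeof(claimed_len) + n, out, sizeof(out));
}

int main(void)
{
    printf("honest=%d oversized=%d\n", check_sample(4, "ping"), check_sample(4096, "ping"));
    return 0;
}
```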

Updated packages

2007.0 x86_64


2007.0 i586


References