Bug 219938
| Field | Value |
|---|---|
| Summary | CVE-2006-6563: proftpd < 1.3.1rc1 mod_ctrls buffer overflow |
| Product | [Fedora] Fedora |
| Component | proftpd |
| Version | 6 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED CURRENTRELEASE |
| Severity | medium |
| Priority | medium |
| Reporter | Ville Skyttä <ville.skytta> |
| Assignee | Matthias Saou <matthias> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | extras-qa, fedora-security-list |
| Keywords | Reopened, Security |
| Fixed In Version | 1.3.0a-3 |
| Doc Type | Bug Fix |
| Last Closed | 2007-02-06 11:26:54 UTC |

Description
Ville Skyttä
2006-12-17 09:38:17 UTC
It seems like the 1.3.0 + patches from devel, FC-6 and FC-5 might not be affected. Still, I'd like to try this release candidate and eventually deploy it, but it fails to build on FC-6 with errors very early in the build... *sigh* I'll have a look at it when I have time, and make it high priority if anyone confirms that the current builds are vulnerable.

1.3.1rc1 builds for me on fc6

Configured as

```
./configure --libexecdir=/usr/libexec/proftpd --localstatedir=/var/run \
  --enable-ctrls --enable-facl --enable-dso --enable-ipv6 \
  --with-libraries=/usr/lib/mysql --with-includes=/usr/include/mysql \
  --with-modules=mod_readme:mod_auth_pam:mod_tls \
  --with-shared=mod_ldap:mod_sql:mod_sql_mysql:mod_sql_postgres:mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_sql
```

(same as fe6 rpm, built on ia32)

That's using the stock upstream code, I haven't added the shipped patches yet....

As already written, the 1.3.0a + patches builds in all supported branches (FC-5, FC-6 and devel) have this bug fixed. If you feel this isn't the case and are able to reproduce the problem with those builds, please reopen this report.

BTW, the latest 1.3.1rc still doesn't build for me on devel (soon to be Fedora 7)... but that's a different problem. Patches to my email address are welcome, though, as well as pointers to upstream bug reports which might contain some.

No reproducer here and this could use reviewing by someone better versed with C than myself, but reopening based on an observation:

The patch which I gather fixes the reported issue in 1.3.1rc1, committed to CVS with log entry "Bug#2867 - Local authorized user buffer overflow in Controls request handling." is not yet applied in the current FE packages:
http://proftp.cvs.sourceforge.net/proftp/proftpd/src/ctrls.c?r1=1.14&r2=1.15

Eh? I ticked the "reopen bug" radio button but all it did was add a "Reopened" keyword, bug status is still closed. Trying again.

Please try reopening again. Should be fixed now.

Thanks a lot for the details, Ville. I've included the patch in FC-5, FC-6 and devel branches, and rebuilds are waiting for the next push.