Bug 681718 (CVE-2011-1137)

Summary: CVE-2011-1137 proftpd: integer overflow in mod_sftp
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: matthias, paul
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-07-01 04:57:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 681719    
Bug Blocks:    

Description Vincent Danen 2011-03-03 01:48:48 UTC 
An integer overflow flaw was reported [1],[2] in the mod_sftp module of ProFTPD.  If a specially crafted SSH message was sent to a ProFTPD server using mod_sftp, it could lead to the allocation of enormous amounts of memory and an eventual OOM termination by the kernel.  This issue was assigned the name CVE-2011-1137 [3].  It was fixed in CVS [4],[5],[6]

References:

[1] http://bugs.proftpd.org/show_bug.cgi?id=3586
[2] http://www.exploit-db.com/exploits/16129/
[3] http://www.openwall.com/lists/oss-security/2011/03/02/5
[4] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3
[5] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1
[6] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2
Comment 1 Vincent Danen 2011-03-03 01:49:56 UTC 
Created proftpd tracking bugs for this issue

Affects: fedora-all [bug 681719]
Comment 2 Paul Howarth 2011-06-29 12:07:21 UTC 
I believe this one can be closed now.
Comment 3 Vincent Danen 2011-07-01 04:57:10 UTC 
All current releases now have this fixed.

F-15 and Rawhide have 1.3.4rc2.

EL-4, EL-5, EL-6, F-13 and F-14 have 1.3.3e.