Bug 670170 - (CVE-2010-4652) CVE-2010-4652 ProFTPD (mod_sql): Heap-based buffer overflow by processing certain usernames, when mod_sql module enabled
CVE-2010-4652 ProFTPD (mod_sql): Heap-based buffer overflow by processing cer...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
public=20101118,reported=20110114,sou...
: Security
Depends On: 670172
Blocks:
  Show dependency treegraph
 
Reported: 2011-01-17 07:37 EST by Jan Lieskovsky
Modified: 2016-03-04 07:44 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-06-29 07:46:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2011-01-17 07:37:02 EST
A heap-based buffer overflow flaw was found in the way ProFTPD FTP server
prepared SQL queries for certain usernames, when the mod_sql module was
enabled. A remote, unauthenticated attacker could use this flaw to
cause proftpd daemon to crash or, potentially, to execute arbitrary
code with the privileges of the user running 'proftpd' via a specially-crafted
username, provided in the authentication dialog.

Upstream bug report:
[1] http://bugs.proftpd.org/show_bug.cgi?id=3536

References:
[2] http://www.securityfocus.com/bid/44933
[3] http://phrack.org/issues.html?issue=67&id=7#article
[4] http://bugs.gentoo.org/show_bug.cgi?id=348998
[5] http://proftpd.org/docs/RELEASE_NOTES-1.3.3d (ProFTPD v1.3.3d release notes)

CVE identifier:
[6] http://www.openwall.com/lists/oss-security/2011/01/14/6
Comment 1 Jan Lieskovsky 2011-01-17 07:40:25 EST
This issue affects the versions of the proftpd package, as shipped
with Fedora release of 13 and 14.

This issue affects the versions of the proftpd package, as present
within EPEL-4 and EPEL-5 repositories.

Please rebase to latest (1.3.3d) version.
Comment 2 Jan Lieskovsky 2011-01-17 07:41:25 EST
Created proftpd tracking bugs for this issue

Affects: fedora-all [bug 670172]
Comment 3 Paul Howarth 2011-06-29 06:55:35 EDT
Do these Security Response bugs ever get closed?
Comment 4 Jan Lieskovsky 2011-06-29 07:46:17 EDT
Hi Paul,

  they are closed when the particular issue got addressed in all affected
versions. Which seems to be the case of this issue already. Thank you for
the updates. Closing.

(In reply to comment #3)
> Do these Security Response bugs ever get closed?

Note You need to log in before you can comment on or make changes to this bug.