An integer overflow flaw was reported [1],[2] in the mod_sftp module of ProFTPD. If a specially crafted SSH message was sent to a ProFTPD server using mod_sftp, it could lead to the allocation of enormous amounts of memory and an eventual OOM termination by the kernel. This issue was assigned the name CVE-2011-1137 [3]. It was fixed in CVS [4],[5],[6] References: [1] http://bugs.proftpd.org/show_bug.cgi?id=3586 [2] http://www.exploit-db.com/exploits/16129/ [3] http://www.openwall.com/lists/oss-security/2011/03/02/5 [4] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3 [5] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1 [6] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2
Created proftpd tracking bugs for this issue Affects: fedora-all [bug 681719]
I believe this one can be closed now.
All current releases now have this fixed. F-15 and Rawhide have 1.3.4rc2. EL-4, EL-5, EL-6, F-13 and F-14 have 1.3.3e.