Bug 681718 (CVE-2011-1137) - CVE-2011-1137 proftpd: integer overflow in mod_sftp
Summary: CVE-2011-1137 proftpd: integer overflow in mod_sftp
Status: CLOSED ERRATA
Alias: CVE-2011-1137
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: public=20110124,reported=20110302,sou...
Keywords: Security
Depends On: 681719
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-03 01:48 UTC by Vincent Danen
Modified: 2016-03-04 11:32 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-07-01 04:57:10 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Vincent Danen 2011-03-03 01:48:48 UTC
An integer overflow flaw was reported [1],[2] in the mod_sftp module of ProFTPD.  If a specially crafted SSH message was sent to a ProFTPD server using mod_sftp, it could lead to the allocation of enormous amounts of memory and an eventual OOM termination by the kernel.  This issue was assigned the name CVE-2011-1137 [3].  It was fixed in CVS [4],[5],[6]

References:

[1] http://bugs.proftpd.org/show_bug.cgi?id=3586
[2] http://www.exploit-db.com/exploits/16129/
[3] http://www.openwall.com/lists/oss-security/2011/03/02/5
[4] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3
[5] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1
[6] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2

Comment 1 Vincent Danen 2011-03-03 01:49:56 UTC
Created proftpd tracking bugs for this issue

Affects: fedora-all [bug 681719]

Comment 2 Paul Howarth 2011-06-29 12:07:21 UTC
I believe this one can be closed now.

Comment 3 Vincent Danen 2011-07-01 04:57:10 UTC
All current releases now have this fixed.

F-15 and Rawhide have 1.3.4rc2.

EL-4, EL-5, EL-6, F-13 and F-14 have 1.3.3e.


Note You need to log in before you can comment on or make changes to this bug.