Bug 681718 (CVE-2011-1137) - CVE-2011-1137 proftpd: integer overflow in mod_sftp
Summary: CVE-2011-1137 proftpd: integer overflow in mod_sftp
Alias: CVE-2011-1137
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 681719
TreeView+ depends on / blocked
Reported: 2011-03-03 01:48 UTC by Vincent Danen
Modified: 2019-09-29 12:43 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-07-01 04:57:10 UTC

Attachments (Terms of Use)

Description Vincent Danen 2011-03-03 01:48:48 UTC
An integer overflow flaw was reported [1],[2] in the mod_sftp module of ProFTPD.  If a specially crafted SSH message was sent to a ProFTPD server using mod_sftp, it could lead to the allocation of enormous amounts of memory and an eventual OOM termination by the kernel.  This issue was assigned the name CVE-2011-1137 [3].  It was fixed in CVS [4],[5],[6]


[1] http://bugs.proftpd.org/show_bug.cgi?id=3586
[2] http://www.exploit-db.com/exploits/16129/
[3] http://www.openwall.com/lists/oss-security/2011/03/02/5
[4] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=
[5] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=
[6] http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=

Comment 1 Vincent Danen 2011-03-03 01:49:56 UTC
Created proftpd tracking bugs for this issue

Affects: fedora-all [bug 681719]

Comment 2 Paul Howarth 2011-06-29 12:07:21 UTC
I believe this one can be closed now.

Comment 3 Vincent Danen 2011-07-01 04:57:10 UTC
All current releases now have this fixed.

F-15 and Rawhide have 1.3.4rc2.

EL-4, EL-5, EL-6, F-13 and F-14 have 1.3.3e.

Note You need to log in before you can comment on or make changes to this bug.