[Security Announce] [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities
Posted on: 11/20/2006 11:35 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:217
http://www.mandriva.com/security/
_______________________________________________________________________

Package : proftpd
Date : November 20, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

As disclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix,
a Denial of Service (DoS) vulnerability exists in the FTP server
ProFTPD, up to and including version 1.3.0. The flaw is due to both a
potential bus error and a definitive buffer overflow in the code which
determines the FTP command buffer size limit. The vulnerability can be
exploited only if the "CommandBufferSize" directive is explicitly used
in the server configuration, which is not the case in the default
configuration of ProFTPD.

Packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
0053ca9816e0bc25bccfe2f44d908eda 2006.0/i586/proftpd-1.2.10-13.2.20060mdk.i586.rpm
b01ed124f81f9f57c3217638f2b248fe 2006.0/i586/proftpd-anonymous-1.2.10-13.2.20060mdk.i586.rpm
0baf0a1757155c41e5a9748f3b5a2977 2006.0/SRPMS/proftpd-1.2.10-13.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
19c1348e2378d8e266543e9f411e7bec 2006.0/x86_64/proftpd-1.2.10-13.2.20060mdk.x86_64.rpm
0c61b1862cea2be964ec7117d3c1fa9e 2006.0/x86_64/proftpd-anonymous-1.2.10-13.2.20060mdk.x86_64.rpm
0baf0a1757155c41e5a9748f3b5a2977 2006.0/SRPMS/proftpd-1.2.10-13.2.20060mdk.src.rpm

Mandriva Linux 2007.0:
d1b46e09401cff86b5eb3cff5bb5d92d 2007.0/i586/proftpd-1.3.0-4.2mdv2007.0.i586.rpm
50dfa344357ea77649c760086d99efc5 2007.0/i586/proftpd-anonymous-1.3.0-4.2mdv2007.0.i586.rpm
ac4ffe2be045a45877c8ef5fca8aff82 2007.0/i586/proftpd-mod_autohost-1.3.0-4.2mdv2007.0.i586.rpm
a220594eecdf47d08047592dfc6ed989 2007.0/i586/proftpd-mod_case-1.3.0-4.2mdv2007.0.i586.rpm
ac8757c2cfda84be9340518730b2b0a9 2007.0/i586/proftpd-mod_clamav-1.3.0-4.2mdv2007.0.i586.rpm
a4e8f9e4399c3455586c0ad5ece2a9ba 2007.0/i586/proftpd-mod_ctrls_admin-1.3.0-4.2mdv2007.0.i586.rpm
6f3d1d596e634cbc725728606a220d74 2007.0/i586/proftpd-mod_facl-1.3.0-4.2mdv2007.0.i586.rpm
093f77c4bf48659600d2255a55d8c66a 2007.0/i586/proftpd-mod_gss-1.3.0-4.2mdv2007.0.i586.rpm
527188db7f7c0b6db43308823c7a245a 2007.0/i586/proftpd-mod_ifsession-1.3.0-4.2mdv2007.0.i586.rpm
3ad7759d27a44aafc84ef531c3ce0d83 2007.0/i586/proftpd-mod_ldap-1.3.0-4.2mdv2007.0.i586.rpm
70db19b073046a2baffe846c2287e00c 2007.0/i586/proftpd-mod_load-1.3.0-4.2mdv2007.0.i586.rpm
70416dbf2150fa2e29c9003cd9db627d 2007.0/i586/proftpd-mod_quotatab-1.3.0-4.2mdv2007.0.i586.rpm
62d8b7d49b89addb5a86962cf0efe210 2007.0/i586/proftpd-mod_quotatab_file-1.3.0-4.2mdv2007.0.i586.rpm
13431e876946f486a83e28d458e58e50 2007.0/i586/proftpd-mod_quotatab_ldap-1.3.0-4.2mdv2007.0.i586.rpm
4b95fe99c77ff967238ebf7c938c7d44 2007.0/i586/proftpd-mod_quotatab_sql-1.3.0-4.2mdv2007.0.i586.rpm
116be0e7b33ed3862408440e61a7827e 2007.0/i586/proftpd-mod_radius-1.3.0-4.2mdv2007.0.i586.rpm
00597f2284411df840d1d76c21d232a7 2007.0/i586/proftpd-mod_ratio-1.3.0-4.2mdv2007.0.i586.rpm
c57184424270ab38993930258ae4ef3a 2007.0/i586/proftpd-mod_rewrite-1.3.0-4.2mdv2007.0.i586.rpm
dcdabe501922432bfaa13e4520caee54 2007.0/i586/proftpd-mod_shaper-1.3.0-4.2mdv2007.0.i586.rpm
08f8675c360532db8679809c2df0a8bb 2007.0/i586/proftpd-mod_site_misc-1.3.0-4.2mdv2007.0.i586.rpm
5e7503e52019351d1eaef57e1e63ef9e 2007.0/i586/proftpd-mod_sql-1.3.0-4.2mdv2007.0.i586.rpm
6ba4cc9d229111078df98081f0821600 2007.0/i586/proftpd-mod_sql_mysql-1.3.0-4.2mdv2007.0.i586.rpm
ec5429aaf01a432eeb4cc6ccfcf9183f 2007.0/i586/proftpd-mod_sql_postgres-1.3.0-4.2mdv2007.0.i586.rpm
dde8bc68edac5463601886b53756c402 2007.0/i586/proftpd-mod_time-1.3.0-4.2mdv2007.0.i586.rpm
133560087f64cfa06b765cfda2b24780 2007.0/i586/proftpd-mod_tls-1.3.0-4.2mdv2007.0.i586.rpm
eef642bb96557634370d24e040a3e3fd 2007.0/i586/proftpd-mod_wrap-1.3.0-4.2mdv2007.0.i586.rpm
14f19ba95138a85a53c17173e006552f 2007.0/i586/proftpd-mod_wrap_file-1.3.0-4.2mdv2007.0.i586.rpm
7a4ef558e014459382192aeac06a0bf6 2007.0/i586/proftpd-mod_wrap_sql-1.3.0-4.2mdv2007.0.i586.rpm
997d5a11fe5fca5c7f04f5fe425a58b9 2007.0/SRPMS/proftpd-1.3.0-4.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
3b99b5f2a9edd6a5d05ade87a73db307 2007.0/x86_64/proftpd-1.3.0-4.2mdv2007.0.x86_64.rpm
817e2d8131bb3fa9e47d98324ddac5c6 2007.0/x86_64/proftpd-anonymous-1.3.0-4.2mdv2007.0.x86_64.rpm
d204a009c383529ed13c7599979c499d 2007.0/x86_64/proftpd-debug-1.3.0-4.2mdv2007.0.x86_64.rpm
299328a3ef758215995bc2b228ec0b3f 2007.0/x86_64/proftpd-mod_autohost-1.3.0-4.2mdv2007.0.x86_64.rpm
cd85e8a8042d8840b44660b980879859 2007.0/x86_64/proftpd-mod_case-1.3.0-4.2mdv2007.0.x86_64.rpm
876c823f55cc56328c1cf6cc4c88ac96 2007.0/x86_64/proftpd-mod_clamav-1.3.0-4.2mdv2007.0.x86_64.rpm
976fb7efc64eb1d96ba6dbe35a698471 2007.0/x86_64/proftpd-mod_ctrls_admin-1.3.0-4.2mdv2007.0.x86_64.rpm
545f2c9ee7cdd13132fdbaa6c4be63b9 2007.0/x86_64/proftpd-mod_facl-1.3.0-4.2mdv2007.0.x86_64.rpm
6f8c16234f9c9c08e332aaf91d74489f 2007.0/x86_64/proftpd-mod_gss-1.3.0-4.2mdv2007.0.x86_64.rpm
d2f5795181c4e7b43f92fc5ae0ce3ab6 2007.0/x86_64/proftpd-mod_ifsession-1.3.0-4.2mdv2007.0.x86_64.rpm
fbbb100387e43c1fd879c4da1502393a 2007.0/x86_64/proftpd-mod_ldap-1.3.0-4.2mdv2007.0.x86_64.rpm
9e41369b4fb53d33df4568c19728bd30 2007.0/x86_64/proftpd-mod_load-1.3.0-4.2mdv2007.0.x86_64.rpm
4498f75ddf6f54736cda5d435999ade8 2007.0/x86_64/proftpd-mod_quotatab-1.3.0-4.2mdv2007.0.x86_64.rpm
5098bfb4b07b68f673ce2988656e5027 2007.0/x86_64/proftpd-mod_quotatab_file-1.3.0-4.2mdv2007.0.x86_64.rpm
3395c4202286675cef765b600c50a9d9 2007.0/x86_64/proftpd-mod_quotatab_ldap-1.3.0-4.2mdv2007.0.x86_64.rpm
5eebf72bcecb15b91368abe57ca5e33f 2007.0/x86_64/proftpd-mod_quotatab_sql-1.3.0-4.2mdv2007.0.x86_64.rpm
1144a84050daef248645ef7af0f92995 2007.0/x86_64/proftpd-mod_radius-1.3.0-4.2mdv2007.0.x86_64.rpm
b917bf18c26150aa240e3afbbcf0b2f1 2007.0/x86_64/proftpd-mod_ratio-1.3.0-4.2mdv2007.0.x86_64.rpm
a06fe91a4a37f5e403e1e58b05591724 2007.0/x86_64/proftpd-mod_rewrite-1.3.0-4.2mdv2007.0.x86_64.rpm
8ce4fe2a4a4558f0925d479d67400137 2007.0/x86_64/proftpd-mod_shaper-1.3.0-4.2mdv2007.0.x86_64.rpm
1b8d0e93191bcbc3f32c09cc00eb9155 2007.0/x86_64/proftpd-mod_site_misc-1.3.0-4.2mdv2007.0.x86_64.rpm
548a2acaeba3bd5840c3ff7aacd2574c 2007.0/x86_64/proftpd-mod_sql-1.3.0-4.2mdv2007.0.x86_64.rpm
a7a8731b55ad81410c91b4a0559068ed 2007.0/x86_64/proftpd-mod_sql_mysql-1.3.0-4.2mdv2007.0.x86_64.rpm
18f8a27c84d8d62437c40bd1828d78b0 2007.0/x86_64/proftpd-mod_sql_postgres-1.3.0-4.2mdv2007.0.x86_64.rpm
a0e81004cde841dd8cf826eed6fb3225 2007.0/x86_64/proftpd-mod_time-1.3.0-4.2mdv2007.0.x86_64.rpm
90298f22556f11f1e42488b87de37773 2007.0/x86_64/proftpd-mod_tls-1.3.0-4.2mdv2007.0.x86_64.rpm
f3fa5fe3b33fae484b35dd0368dcf00f 2007.0/x86_64/proftpd-mod_wrap-1.3.0-4.2mdv2007.0.x86_64.rpm
064fb39be6c6f5326e20ed9d881cebf7 2007.0/x86_64/proftpd-mod_wrap_file-1.3.0-4.2mdv2007.0.x86_64.rpm
e3871e76aed8d19fa548ee8641138076 2007.0/x86_64/proftpd-mod_wrap_sql-1.3.0-4.2mdv2007.0.x86_64.rpm
997d5a11fe5fca5c7f04f5fe425a58b9 2007.0/SRPMS/proftpd-1.3.0-4.2mdv2007.0.src.rpm

Corporate 3.0:
1a83657627d6f218ae54f8b2c45fbd79 corporate/3.0/i586/proftpd-1.2.9-3.5.C30mdk.i586.rpm
70e1eb731cfe7c8cb555a1eabc4bc4a3 corporate/3.0/i586/proftpd-anonymous-1.2.9-3.5.C30mdk.i586.rpm
1d7d9073cd0debaea27401a45bf24fbc corporate/3.0/SRPMS/proftpd-1.2.9-3.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
41b6f448e1354f9589beee850f491f50 corporate/3.0/x86_64/proftpd-1.2.9-3.5.C30mdk.x86_64.rpm
615446968808ac110d05aecfe3dbabd5 corporate/3.0/x86_64/proftpd-anonymous-1.2.9-3.5.C30mdk.x86_64.rpm
1d7d9073cd0debaea27401a45bf24fbc corporate/3.0/SRPMS/proftpd-1.2.9-3.5.C30mdk.src.rpm

Corporate 4.0:
633aefd9b99b8c2879c0edf256b47d7a corporate/4.0/i586/proftpd-1.2.10-20.2.20060mlcs4.i586.rpm
edaf7462323b66dd57860f03e98c4795 corporate/4.0/i586/proftpd-anonymous-1.2.10-20.2.20060mlcs4.i586.rpm
79c119bdf57238b11f3b92882c1c0e75 corporate/4.0/SRPMS/proftpd-1.2.10-20.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
f135f65d15347fe5f6b72d00b93964e7 corporate/4.0/x86_64/proftpd-1.2.10-20.2.20060mlcs4.x86_64.rpm
5e25ac25c11105ca94f5a9aa2dd4dafc corporate/4.0/x86_64/proftpd-anonymous-1.2.10-20.2.20060mlcs4.x86_64.rpm
79c119bdf57238b11f3b92882c1c0e75 corporate/4.0/SRPMS/proftpd-1.2.10-20.2.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFYf3ymqjQ0CJFipgRAvcRAJ91oK3DHG1R+twQlhUHjwRE2Kg/WACcC7sV
1GR8XH6WF+J7S1rz3go/LRo=
=NoMr
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006217__updated_proftpd_packages_fix_vulnerabilities.html)