[Security Announce] [ MDKSA-2006:232 ] - Updated proftpd packages fix mod_ctrls vulnerability
Posted on: 12/19/2006 05:35 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:232
http://www.mandriva.com/security/
_______________________________________________________________________

Package : proftpd
Date : December 18, 2006
Affected: 2007.0
_______________________________________________________________________

Problem Description:

Stack-based buffer overflow in the pr_ctrls_recv_request function in
ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local
users to execute arbitrary code via a large reqarglen length value.

Packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6563
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
afa8803b9eede3fb73f55d31cb33e594 2007.0/i586/proftpd-1.3.0-4.4mdv2007.0.i586.rpm
a1239dcf4957c20d234084c22a063812 2007.0/i586/proftpd-anonymous-1.3.0-4.4mdv2007.0.i586.rpm
e9e9a955957310f3ef26fa55e24a191d 2007.0/i586/proftpd-mod_autohost-1.3.0-4.4mdv2007.0.i586.rpm
f1b9111ed66ef2316e386e992bff56a8 2007.0/i586/proftpd-mod_case-1.3.0-4.4mdv2007.0.i586.rpm
2f2aa9286bc126898cb23eaac5547cc0 2007.0/i586/proftpd-mod_clamav-1.3.0-4.4mdv2007.0.i586.rpm
c5c71f0f78f6506842756ba9c79d121e 2007.0/i586/proftpd-mod_ctrls_admin-1.3.0-4.4mdv2007.0.i586.rpm
bafbeb5bfc0684fcd053caec876646e8 2007.0/i586/proftpd-mod_facl-1.3.0-4.4mdv2007.0.i586.rpm
4f4c8bd3a36ff3b68e7a479590a3ee25 2007.0/i586/proftpd-mod_gss-1.3.0-4.4mdv2007.0.i586.rpm
d5c741aec06c740e9d7f035a887f68d5 2007.0/i586/proftpd-mod_ifsession-1.3.0-4.4mdv2007.0.i586.rpm
e61958daf818219eb409565efb0be974 2007.0/i586/proftpd-mod_ldap-1.3.0-4.4mdv2007.0.i586.rpm
c6f84f04b1a35ef26d6985a9063f0993 2007.0/i586/proftpd-mod_load-1.3.0-4.4mdv2007.0.i586.rpm
dc0fec8773907dd7739fab6f5f6a5c78 2007.0/i586/proftpd-mod_quotatab-1.3.0-4.4mdv2007.0.i586.rpm
860e998696b9140c94357457136be823 2007.0/i586/proftpd-mod_quotatab_file-1.3.0-4.4mdv2007.0.i586.rpm
31478a97cf53f3da2b02ff26a19f9f69 2007.0/i586/proftpd-mod_quotatab_ldap-1.3.0-4.4mdv2007.0.i586.rpm
355b61338fd647be4054d19e6c01587c 2007.0/i586/proftpd-mod_quotatab_sql-1.3.0-4.4mdv2007.0.i586.rpm
aef74c8839a8cb1fef322573a5c8d484 2007.0/i586/proftpd-mod_radius-1.3.0-4.4mdv2007.0.i586.rpm
39b8c05989e14fc1aeb6fd1395d43973 2007.0/i586/proftpd-mod_ratio-1.3.0-4.4mdv2007.0.i586.rpm
61317e3f7742f4de4cfb26780f5cdd9a 2007.0/i586/proftpd-mod_rewrite-1.3.0-4.4mdv2007.0.i586.rpm
4eba5eb110289f346d1ba0881ac82d50 2007.0/i586/proftpd-mod_shaper-1.3.0-4.4mdv2007.0.i586.rpm
481a8ed2e0ffbc03751d26cd2ae0acb3 2007.0/i586/proftpd-mod_site_misc-1.3.0-4.4mdv2007.0.i586.rpm
76e926b07afbe8748f0ca072a1456c9b 2007.0/i586/proftpd-mod_sql-1.3.0-4.4mdv2007.0.i586.rpm
834b63d40bb375af7694165303dbaf54 2007.0/i586/proftpd-mod_sql_mysql-1.3.0-4.4mdv2007.0.i586.rpm
68190d61d5f9dc321d5e96eebdc6bc17 2007.0/i586/proftpd-mod_sql_postgres-1.3.0-4.4mdv2007.0.i586.rpm
d2a242a9d88ac200a5715ec3a979627d 2007.0/i586/proftpd-mod_time-1.3.0-4.4mdv2007.0.i586.rpm
a5d110ed77605d7056795a759d620774 2007.0/i586/proftpd-mod_tls-1.3.0-4.4mdv2007.0.i586.rpm
6d563b023289499bafa6438e18bea304 2007.0/i586/proftpd-mod_wrap-1.3.0-4.4mdv2007.0.i586.rpm
97066280186fe51879b1f9f83a0fe865 2007.0/i586/proftpd-mod_wrap_file-1.3.0-4.4mdv2007.0.i586.rpm
2a8ffd5324411ca4c5579b0f3cc821e0 2007.0/i586/proftpd-mod_wrap_sql-1.3.0-4.4mdv2007.0.i586.rpm
9ebf57be4074ca06a03e73ea67157225 2007.0/SRPMS/proftpd-1.3.0-4.4mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
952398679665b5a5647ef5f879797074 2007.0/x86_64/proftpd-1.3.0-4.4mdv2007.0.x86_64.rpm
b67b546a78493bc67296b001da9f6dc5 2007.0/x86_64/proftpd-anonymous-1.3.0-4.4mdv2007.0.x86_64.rpm
57d7228f8190ad5956221ddd33748b2d 2007.0/x86_64/proftpd-mod_autohost-1.3.0-4.4mdv2007.0.x86_64.rpm
c81674d9864512a2b47b00a4b9fc7ea2 2007.0/x86_64/proftpd-mod_case-1.3.0-4.4mdv2007.0.x86_64.rpm
38629437de2866467dbee64942ef3d55 2007.0/x86_64/proftpd-mod_clamav-1.3.0-4.4mdv2007.0.x86_64.rpm
59b89afa67aa44cf302b4585738d6b0c 2007.0/x86_64/proftpd-mod_ctrls_admin-1.3.0-4.4mdv2007.0.x86_64.rpm
11d2e9e34803433fb623bff58e19fcc3 2007.0/x86_64/proftpd-mod_facl-1.3.0-4.4mdv2007.0.x86_64.rpm
904dc5ff6e1ca7205eb28a0d31db67df 2007.0/x86_64/proftpd-mod_gss-1.3.0-4.4mdv2007.0.x86_64.rpm
c3eed275e17b61dc989e898531c3f2ed 2007.0/x86_64/proftpd-mod_ifsession-1.3.0-4.4mdv2007.0.x86_64.rpm
a060e67e5b0fe1e15dbc2e6d148de9b2 2007.0/x86_64/proftpd-mod_ldap-1.3.0-4.4mdv2007.0.x86_64.rpm
959febcf9f74abccf5e3f249b3cd4501 2007.0/x86_64/proftpd-mod_load-1.3.0-4.4mdv2007.0.x86_64.rpm
f0807b9080f431540bfe8b5729b2005f 2007.0/x86_64/proftpd-mod_quotatab-1.3.0-4.4mdv2007.0.x86_64.rpm
b0c463356a8cbc6140d6ea7b28c6dc72 2007.0/x86_64/proftpd-mod_quotatab_file-1.3.0-4.4mdv2007.0.x86_64.rpm
7dc4d54215124488579a572f49e4eea8 2007.0/x86_64/proftpd-mod_quotatab_ldap-1.3.0-4.4mdv2007.0.x86_64.rpm
2e8fbfc88d28b2fd367088ffb66b044e 2007.0/x86_64/proftpd-mod_quotatab_sql-1.3.0-4.4mdv2007.0.x86_64.rpm
6569fcc36cc6d11dfcc50db89a33037f 2007.0/x86_64/proftpd-mod_radius-1.3.0-4.4mdv2007.0.x86_64.rpm
39838f915a30da0f1ed0245fc521051e 2007.0/x86_64/proftpd-mod_ratio-1.3.0-4.4mdv2007.0.x86_64.rpm
dd89c2a4e5878c440fa506b36104f0fb 2007.0/x86_64/proftpd-mod_rewrite-1.3.0-4.4mdv2007.0.x86_64.rpm
4b581f3bc61e0d34ff91f4dfad973ea1 2007.0/x86_64/proftpd-mod_shaper-1.3.0-4.4mdv2007.0.x86_64.rpm
37c2b30dcfc23cd9d1b6483e3b436442 2007.0/x86_64/proftpd-mod_site_misc-1.3.0-4.4mdv2007.0.x86_64.rpm
a6ea95e4cdc9c3a17d06442c41169d69 2007.0/x86_64/proftpd-mod_sql-1.3.0-4.4mdv2007.0.x86_64.rpm
a7011c17a1a97a32b46a0a125fcaa28e 2007.0/x86_64/proftpd-mod_sql_mysql-1.3.0-4.4mdv2007.0.x86_64.rpm
f65a272ba0af2f52a26fba6ebd216ee0 2007.0/x86_64/proftpd-mod_sql_postgres-1.3.0-4.4mdv2007.0.x86_64.rpm
3187bcd5a199bbdafa6b49a43eb6cf91 2007.0/x86_64/proftpd-mod_time-1.3.0-4.4mdv2007.0.x86_64.rpm
296952dc6fd46b23a309e762d7784044 2007.0/x86_64/proftpd-mod_tls-1.3.0-4.4mdv2007.0.x86_64.rpm
dad6e49ca6ea17a06d22740532acfc33 2007.0/x86_64/proftpd-mod_wrap-1.3.0-4.4mdv2007.0.x86_64.rpm
c3fa12831336500d533262efe59541a7 2007.0/x86_64/proftpd-mod_wrap_file-1.3.0-4.4mdv2007.0.x86_64.rpm
3359395a670ecb3d7a94fc9e5d75373a 2007.0/x86_64/proftpd-mod_wrap_sql-1.3.0-4.4mdv2007.0.x86_64.rpm
9ebf57be4074ca06a03e73ea67157225 2007.0/SRPMS/proftpd-1.3.0-4.4mdv2007.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFhyHEmqjQ0CJFipgRAszVAKDv2+bcq/wUxBU+DoUAIULG2/3GnACfctm9
T7DEwmtzr0kb7QLa9xkBPH0=
=ZF2C
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006232__updated_proftpd_packages_fix_mod_ctrls_vulnerability.html)