-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:245
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : proftpd
 Date    : October 3, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in proftpd:

 Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3
 allows remote attackers to cause a denial of service (memory
 consumption) via a large response count value in an authentication
 request, which triggers a large memory allocation (CVE-2013-4359).

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4359
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSTT7qmqjQ0CJFipgRAu9bAKCZsiuPTXGuvLZTkvxf23exPoZcpACgv+73
Gv+V6+AGVqv7ba+Hw0XjuD4=
=i2z0
-----END PGP SIGNATURE-----
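
The flaw described under Problem Description comes down to a peer-supplied response count sizing a memory allocation. The following C code is an added example, not ProFTPD's code or the Mandriva patch: it parses the body of an RFC 4256 keyboard-interactive response and rejects a bad count before anything is allocated. The function names, the `expected` parameter and the cap of 500 are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define KBDINT_MAX_RESPONSES 500u /* assumed cap, chosen for this example */

/* Read a big-endian uint32 (SSH wire format); 0 on success, -1 if short. */
static int read_u32(const uint8_t **p, size_t *left, uint32_t *out) {
    if (*left < 4) return -1;
    *out = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) |
           ((uint32_t)(*p)[2] << 8) | (uint32_t)(*p)[3];
    *p += 4; *left -= 4;
    return 0;
}

/* Body of SSH_MSG_USERAUTH_INFO_RESPONSE (RFC 4256): uint32 num-responses,
 * then that many length-prefixed strings. Returns the count, or -1 when the
 * packet is rejected. `expected` is the number of prompts the server sent. */
int parse_kbdint_responses(const uint8_t *buf, size_t len, uint32_t expected,
                           char ***out) {
    uint32_t count, i = 0;
    *out = NULL;
    if (read_u32(&buf, &len, &count) < 0) return -1;
    /* The flawed pattern sizes the array from `count` here, unchecked. */
    if (count != expected || count > KBDINT_MAX_RESPONSES) return -1;
    if (count > len / 4) return -1; /* every string needs a 4-byte length */
    char **resp = calloc(count ? count : 1, sizeof(*resp));
    if (resp == NULL) return -1;
    for (; i < count; i++) {
        uint32_t slen;
        if (read_u32(&buf, &len, &slen) < 0 || slen > len) goto fail;
        if ((resp[i] = malloc((size_t)slen + 1)) == NULL) goto fail;
        memcpy(resp[i], buf, slen);
        resp[i][slen] = '\0';
        buf += slen; len -= slen;
    }
    *out = resp;
    return (int)count;
fail:
    while (i > 0) free(resp[--i]); /* release only what was allocated */
    free(resp);
    return -1;
}

int main(void) {
    const uint8_t hostile[] = {0xff, 0xff, 0xff, 0xff}; /* constructed input */
    char **r;
    printf("%d\n", parse_kbdint_responses(hostile, sizeof hostile, 2, &r));
    return 0;
}
```

The check against `len / 4` ties the count to the bytes actually received, so a small packet cannot claim more responses than it could contain even when the count is under the cap.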