Mandriva 1273 Published by

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:217-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : proftpd
Date : November 30, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________



Problem Description:

A stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0
and earlier, allows remote attackers to cause a denial of service, as
demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
(CVE-2006-5815)

Buffer overflow in the tls_x509_name_oneline function in the mod_tls
module, as used in ProFTPD 1.3.0a and earlier, and possibly other
products, allows remote attackers to execute arbitrary code via a large
data length argument, a different vulnerability than CVE-2006-5815.
(CVE-2006-6170)

ProFTPD 1.3.0a and earlier does not properly set the buffer size limit
when CommandBufferSize is specified in the configuration file, which
leads to an off-by-two buffer underflow. NOTE: in November 2006, the
role of CommandBufferSize was originally associated with CVE-2006-5815,
but this was an error stemming from an initial vague disclosure. NOTE:
ProFTPD developers dispute this issue, saying that the relevant memory
location is overwritten by assignment before further use within the
affected function, so this is not a vulnerability. (CVE-2006-6171)

Packages have been patched to correct these issues.

Update:

The previous update incorrectly linked the vd_proftd.pm issue with the
CommandBufferSize issue. These are two distinct issues and the previous
update only addressed CommandBufferSize (CVE-2006-6171), and the
mod_tls issue (CVE-2006-6170).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
b1cd1e2584e59418a20260b3f3332208 2006.0/i586/proftpd-1.2.10-13.3.20060mdk.i586.rpm
979d14f8aa6312dac64948e1e9445f33 2006.0/i586/proftpd-anonymous-1.2.10-13.3.20060mdk.i586.rpm
1d446921049eb39f91f0450a0ff74018 2006.0/SRPMS/proftpd-1.2.10-13.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
80f43de2dcf0aab1956552ef2a93c1b5 2006.0/x86_64/proftpd-1.2.10-13.3.20060mdk.x86_64.rpm
62862e2c1c5c870946406beb2b982237 2006.0/x86_64/proftpd-anonymous-1.2.10-13.3.20060mdk.x86_64.rpm
1d446921049eb39f91f0450a0ff74018 2006.0/SRPMS/proftpd-1.2.10-13.3.20060mdk.src.rpm

Mandriva Linux 2007.0:
a37912e678d6dbfe2ed21a2c432e029c 2007.0/i586/proftpd-1.3.0-4.3mdv2007.0.i586.rpm
89b3d4beac485d4879295ad99a17cd1b 2007.0/i586/proftpd-anonymous-1.3.0-4.3mdv2007.0.i586.rpm
c206fc94fd81a8f79a158efe6e0fa8fb 2007.0/i586/proftpd-mod_autohost-1.3.0-4.3mdv2007.0.i586.rpm
6ba12b916446da7651ced303cd5c2f0a 2007.0/i586/proftpd-mod_case-1.3.0-4.3mdv2007.0.i586.rpm
a3d6b7c829345d6edf9f22efb8369b58 2007.0/i586/proftpd-mod_clamav-1.3.0-4.3mdv2007.0.i586.rpm
a51a76a0e93f638018a15a28d67d1bc6 2007.0/i586/proftpd-mod_ctrls_admin-1.3.0-4.3mdv2007.0.i586.rpm
458913aaa82dd80691b08e69c2d7a68e 2007.0/i586/proftpd-mod_facl-1.3.0-4.3mdv2007.0.i586.rpm
3e929da8229f69a9c2c8702f2c79bbfe 2007.0/i586/proftpd-mod_gss-1.3.0-4.3mdv2007.0.i586.rpm
9c7ad69945b176c59f682a750ba0da86 2007.0/i586/proftpd-mod_ifsession-1.3.0-4.3mdv2007.0.i586.rpm
de0dd2a5354bdd79842c84dd0698ae80 2007.0/i586/proftpd-mod_ldap-1.3.0-4.3mdv2007.0.i586.rpm
84255d9b701a430fdebc8ffa0804462d 2007.0/i586/proftpd-mod_load-1.3.0-4.3mdv2007.0.i586.rpm
5a9dea0cc961f50a772f0c7f6d04fb2c 2007.0/i586/proftpd-mod_quotatab-1.3.0-4.3mdv2007.0.i586.rpm
da44806b650245adadee9227d60fed35 2007.0/i586/proftpd-mod_quotatab_file-1.3.0-4.3mdv2007.0.i586.rpm
c2fd38d0ab3e324e377a0a83449bdcfc 2007.0/i586/proftpd-mod_quotatab_ldap-1.3.0-4.3mdv2007.0.i586.rpm
db3864770f8aa649190e84ac04c7d26a 2007.0/i586/proftpd-mod_quotatab_sql-1.3.0-4.3mdv2007.0.i586.rpm
1f1a0e13808bfe3179c1142d2cfc76bd 2007.0/i586/proftpd-mod_radius-1.3.0-4.3mdv2007.0.i586.rpm
93f3736a42145559e9faffa16c68271d 2007.0/i586/proftpd-mod_ratio-1.3.0-4.3mdv2007.0.i586.rpm
ce6ce9b9340c328ff0956481fe9ee5ff 2007.0/i586/proftpd-mod_rewrite-1.3.0-4.3mdv2007.0.i586.rpm
8c7089d22b32a863691fcf1ff3c1b6bf 2007.0/i586/proftpd-mod_shaper-1.3.0-4.3mdv2007.0.i586.rpm
23b8d3f76708ce59d83bf07a6c19034d 2007.0/i586/proftpd-mod_site_misc-1.3.0-4.3mdv2007.0.i586.rpm
845b77cc6c4c2f4eb8c4a41d369afe3d 2007.0/i586/proftpd-mod_sql-1.3.0-4.3mdv2007.0.i586.rpm
7d98b511040ce3a9c16ca38fad98cdc7 2007.0/i586/proftpd-mod_sql_mysql-1.3.0-4.3mdv2007.0.i586.rpm
44bdd048bac956a52adae56b429419a8 2007.0/i586/proftpd-mod_sql_postgres-1.3.0-4.3mdv2007.0.i586.rpm
bece7d223e81935362115874debc625f 2007.0/i586/proftpd-mod_time-1.3.0-4.3mdv2007.0.i586.rpm
b655b11679c1d46750397f647499d113 2007.0/i586/proftpd-mod_tls-1.3.0-4.3mdv2007.0.i586.rpm
f051af523f306a8547cc232df6af61b0 2007.0/i586/proftpd-mod_wrap-1.3.0-4.3mdv2007.0.i586.rpm
ea415328f16a7c86c530b1628e9e7119 2007.0/i586/proftpd-mod_wrap_file-1.3.0-4.3mdv2007.0.i586.rpm
40cc7355b7baea00dc0ca3d9fbb23d54 2007.0/i586/proftpd-mod_wrap_sql-1.3.0-4.3mdv2007.0.i586.rpm
56f9c85b919e81120ef5c9f95c5fbb70 2007.0/SRPMS/proftpd-1.3.0-4.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
a3f7f06d36e939decedbfbd73b068a00 2007.0/x86_64/proftpd-1.3.0-4.3mdv2007.0.x86_64.rpm
e57974563e6a6a856997ece7ae4223f3 2007.0/x86_64/proftpd-anonymous-1.3.0-4.3mdv2007.0.x86_64.rpm
351f1bcb4148bb3e2d42e4f8b63866bb 2007.0/x86_64/proftpd-mod_autohost-1.3.0-4.3mdv2007.0.x86_64.rpm
5244e4fe2899727b8ed9ff8c2108e835 2007.0/x86_64/proftpd-mod_case-1.3.0-4.3mdv2007.0.x86_64.rpm
6945e72c1af1e29f0e8a4f851fde7c04 2007.0/x86_64/proftpd-mod_clamav-1.3.0-4.3mdv2007.0.x86_64.rpm
eaeba816574a28d65c243d70c55a2be7 2007.0/x86_64/proftpd-mod_ctrls_admin-1.3.0-4.3mdv2007.0.x86_64.rpm
4b61ef08a72e13acf1c245efda94e14d 2007.0/x86_64/proftpd-mod_facl-1.3.0-4.3mdv2007.0.x86_64.rpm
599338063d6b3358c92bc675748a5276 2007.0/x86_64/proftpd-mod_gss-1.3.0-4.3mdv2007.0.x86_64.rpm
113e48693e6f717523f53d7bd362f167 2007.0/x86_64/proftpd-mod_ifsession-1.3.0-4.3mdv2007.0.x86_64.rpm
0afda1fa0eb473074bbf591b87c205f5 2007.0/x86_64/proftpd-mod_ldap-1.3.0-4.3mdv2007.0.x86_64.rpm
d5f67ae4a0057ac1574446d53a2b01c2 2007.0/x86_64/proftpd-mod_load-1.3.0-4.3mdv2007.0.x86_64.rpm
24598aaa7594f1c3cce8104c0691fd89 2007.0/x86_64/proftpd-mod_quotatab-1.3.0-4.3mdv2007.0.x86_64.rpm
ae6875064975d76b2f2ce5c2cee3c4cf 2007.0/x86_64/proftpd-mod_quotatab_file-1.3.0-4.3mdv2007.0.x86_64.rpm
a383a4b78ec3e492563c9ef542c2a701 2007.0/x86_64/proftpd-mod_quotatab_ldap-1.3.0-4.3mdv2007.0.x86_64.rpm
eccf357b396c651538df038d7c480516 2007.0/x86_64/proftpd-mod_quotatab_sql-1.3.0-4.3mdv2007.0.x86_64.rpm
0b41852744c4493629eb1d71c8091c8a 2007.0/x86_64/proftpd-mod_radius-1.3.0-4.3mdv2007.0.x86_64.rpm
93d8f354acd5a7e25478b9bbd3319617 2007.0/x86_64/proftpd-mod_ratio-1.3.0-4.3mdv2007.0.x86_64.rpm
332c8e76e5a93e5011caeb3fbf9d8d7d 2007.0/x86_64/proftpd-mod_rewrite-1.3.0-4.3mdv2007.0.x86_64.rpm
03aed52b479f6bf0affa3a697aebe47d 2007.0/x86_64/proftpd-mod_shaper-1.3.0-4.3mdv2007.0.x86_64.rpm
4ea161e9f3821a3f90a2e19f22fdb487 2007.0/x86_64/proftpd-mod_site_misc-1.3.0-4.3mdv2007.0.x86_64.rpm
ef8473f399c9fab49b174438e9f57f1a 2007.0/x86_64/proftpd-mod_sql-1.3.0-4.3mdv2007.0.x86_64.rpm
e77455dd400984b833dd3bf52b6c9876 2007.0/x86_64/proftpd-mod_sql_mysql-1.3.0-4.3mdv2007.0.x86_64.rpm
b194fe453ab8f2d900f49a8fee4d8a43 2007.0/x86_64/proftpd-mod_sql_postgres-1.3.0-4.3mdv2007.0.x86_64.rpm
26177d8de2b31e25d54458f125a4bef6 2007.0/x86_64/proftpd-mod_time-1.3.0-4.3mdv2007.0.x86_64.rpm
27cab8a3a4bf0162e4e4aeb8f2235c18 2007.0/x86_64/proftpd-mod_tls-1.3.0-4.3mdv2007.0.x86_64.rpm
0eebacf7e2aacf1893e6f077a05deade 2007.0/x86_64/proftpd-mod_wrap-1.3.0-4.3mdv2007.0.x86_64.rpm
e1c973141f23a99f1a1e5cfad06ba507 2007.0/x86_64/proftpd-mod_wrap_file-1.3.0-4.3mdv2007.0.x86_64.rpm
ea8918c00be656f8c5c1be6e7e5c29cc 2007.0/x86_64/proftpd-mod_wrap_sql-1.3.0-4.3mdv2007.0.x86_64.rpm
56f9c85b919e81120ef5c9f95c5fbb70 2007.0/SRPMS/proftpd-1.3.0-4.3mdv2007.0.src.rpm

Corporate 3.0:
05c8ada8f0f64c13e392bacea28a57c3 corporate/3.0/i586/proftpd-1.2.9-3.6.C30mdk.i586.rpm
38d0c4fb80b8511d4fc60e29b76c2329 corporate/3.0/i586/proftpd-anonymous-1.2.9-3.6.C30mdk.i586.rpm
fd2a42044333ba3528899e65e6028b28 corporate/3.0/SRPMS/proftpd-1.2.9-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64:
c76e71ec99c373b351a69b33d09e0328 corporate/3.0/x86_64/proftpd-1.2.9-3.6.C30mdk.x86_64.rpm
6a7866fb417a3ba020caad45f7696a1d corporate/3.0/x86_64/proftpd-anonymous-1.2.9-3.6.C30mdk.x86_64.rpm
fd2a42044333ba3528899e65e6028b28 corporate/3.0/SRPMS/proftpd-1.2.9-3.6.C30mdk.src.rpm

Corporate 4.0:
3a74dd621c2836818d884faa26577379 corporate/4.0/i586/proftpd-1.2.10-20.3.20060mlcs4.i586.rpm
75fa75338ed57f5d0aeb137ca7efe521 corporate/4.0/i586/proftpd-anonymous-1.2.10-20.3.20060mlcs4.i586.rpm
f2f48f3379be27c86e4edc1a9cb53d53 corporate/4.0/SRPMS/proftpd-1.2.10-20.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
b2e043f4ad4b4045ae0f09074be55327 corporate/4.0/x86_64/proftpd-1.2.10-20.3.20060mlcs4.x86_64.rpm
8524b1da761c3f24f3b0dd0d9a0139b7 corporate/4.0/x86_64/proftpd-anonymous-1.2.10-20.3.20060mlcs4.x86_64.rpm
f2f48f3379be27c86e4edc1a9cb53d53 corporate/4.0/SRPMS/proftpd-1.2.10-20.3.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFbvOPmqjQ0CJFipgRAmJmAKDyLo9c1K07oSdMIIpg9FVJk8JiNwCfcBcw
E/A+IqwCWvS6eomzGIkUeMk
=BufZ
-----END PGP SIGNATURE-----