Linux Security
Linux Security
Linux Security

Debian: proftpd fix denial of service DSA-1218-1

Date 21 Nov 2006
Posted By LinuxSecurity Advisories
It was discovered that the proftpd FTP daemon performs insufficient validation of FTP command buffer size limits, which may lead to denial of service. CVEID CVE-2006-5815 is addressed by this vulnerability.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1218-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                         Moritz Muehlenhoff
November 21st, 2006           
- --------------------------------------------------------------------------

Package        : proftpd
Vulnerability  : programming error
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-5815
Debian Bug     : 399070

It was discovered that the proftpd FTP daemon performs insufficient
validation of FTP command buffer size limits, which may lead to denial of

For the stable distribution (sarge) this problem has been fixed in
version 1.2.10-15sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 1.3.0-13 of the proftpd-dfsg package.

We recommend that you upgrade your proftpd package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      897 fe043ac01a1753ba7d47e169d7863039
      Size/MD5 checksum:   127600 d1611a9db379bee3e1f137c4c09d4b13
      Size/MD5 checksum:   920495 7d2bc5b4b1eef459a78e55c027a4f3c4

  Architecture independent components:
      Size/MD5 checksum:   422520 784f6a1ead480a7198dd0ad7df4c6d7d

  Alpha architecture:
      Size/MD5 checksum:   444406 dd457de80a77a65ea56f917ed8503641
      Size/MD5 checksum:   200788 0d3e2ba8ea9082b304a2c7f4d6af8df9
      Size/MD5 checksum:   457204 17af0e330f48108785aa9d00507c5291
      Size/MD5 checksum:   476800 dffaa2aad3f25eb2887005c27059b241
      Size/MD5 checksum:   476468 0c7be08d97b11f187c39f8a965b9e3c6

  AMD64 architecture:
      Size/MD5 checksum:   389010 2fd7461b794783671e641d72488c4585
      Size/MD5 checksum:   194562 3113db8aa6ba8e67dcea03632cf6fe67
      Size/MD5 checksum:   400008 3a89749eb456ea237ca4d82ae18e4beb
      Size/MD5 checksum:   415382 302debcfd6ff112e7294959addcdc1d6
      Size/MD5 checksum:   415174 51c2c6374d0483191874f96dd7318a27

  ARM architecture:
      Size/MD5 checksum:   373836 b740b9aa079946e4d2cbf323ae72a978
      Size/MD5 checksum:   188754 5ffae3af9d619b301595ea9b1175ef37
      Size/MD5 checksum:   384048 8beac5c897580847d39427097efd5116
      Size/MD5 checksum:   398914 5470be96f5ad34f83d1042139c6a639e
      Size/MD5 checksum:   398778 ae4abd419715b09b9a7bcc1f3e23eb96

  HP Precision architecture:
      Size/MD5 checksum:   403664 e19be25ea86f75de8fb0015837e47e57
      Size/MD5 checksum:   194452 65616d5eed9a3270e0df3086ad87a8a7
      Size/MD5 checksum:   414846 5ce90027122e3a27646cc314854ea37e
      Size/MD5 checksum:   431778 5deb145cbaacd0cbee298a0f6a02f6d2
      Size/MD5 checksum:   431492 9b950e59b183a6795d5eacb2002bf03c

  Intel IA-32 architecture:
      Size/MD5 checksum:   371202 efa3cca67db44225ecf7990ee8b76808
      Size/MD5 checksum:   188864 6129e4a1b65440c57e6e76e104025cf4
      Size/MD5 checksum:   380918 2de20dc3d336007347871007ad2aa9b6
      Size/MD5 checksum:   396670 2b6a3833f37f256ac0268bf03d25dfd8
      Size/MD5 checksum:   396432 ba26cbd5cfa7cd9d06c94baad26864b3

  Intel IA-64 architecture:
      Size/MD5 checksum:   519710 30aa10cfda1d97d81772d9a9fff3ef4c
      Size/MD5 checksum:   206994 1eefe822ebe9df3b584f719db1e6e263
      Size/MD5 checksum:   535338 4108fe33e7d1e6827e1545ea6ebfff7e
      Size/MD5 checksum:   562320 0ee714edb0c79544904c0db855daf174
      Size/MD5 checksum:   562214 4714a62fff2346f1d376f4306e0c6974

  Motorola 680x0 architecture:
      Size/MD5 checksum:   332528 3ad435ced0a1492fd61ae55c90204ad1
      Size/MD5 checksum:   187148 312a33fd15cfc35bd182d84ea847c852
      Size/MD5 checksum:   340916 adf942ec807fd5a39fdb9707226921bc
      Size/MD5 checksum:   353106 d724b6da9758c7bd3c4a4dfee4411306
      Size/MD5 checksum:   352830 5a090fa4b611c42a907919a88861eb9a

  Big endian MIPS architecture:
      Size/MD5 checksum:   382394 7e6c7b8b92827f3a6644689b0d06ef4e
      Size/MD5 checksum:   201616 fb61630fd14f0520518f78d198b15480
      Size/MD5 checksum:   391986 0ffbc86ea82bd910466c367f156af4be
      Size/MD5 checksum:   406488 2dff85fe8dc813c5be15780765a90a74
      Size/MD5 checksum:   406238 1d658816888f361611ef7c7a41062f62

  Little endian MIPS architecture:
      Size/MD5 checksum:   384334 ea408f73dd5288c3dbdd15556cb4c884
      Size/MD5 checksum:   201838 a2c8ed17d8c6dbfe3ff0a359ec8402fd
      Size/MD5 checksum:   393390 f6396ba4684fec2a4bd2b8a156c617a8
      Size/MD5 checksum:   409460 403eb9064b44dfb5c4f5c64e3d11b43e
      Size/MD5 checksum:   409212 e1226c8b018ced87ad77118c660d0361

  PowerPC architecture:
      Size/MD5 checksum:   384414 3cc172a7ddaf95a37905ce0ca2fc340f
      Size/MD5 checksum:   195366 d3db9b92cf67136399f153e804a168bd
      Size/MD5 checksum:   395170 9f26106f211808f807bfde1c2911629a
      Size/MD5 checksum:   412014 3a0d74322ba454ee72e0925cb871c3f5
      Size/MD5 checksum:   411760 2611181a4d8cb329bea9d9d0db130b31

  IBM S/390 architecture:
      Size/MD5 checksum:   379686 06371d89be06ba9c16152ef8d0164f9b
      Size/MD5 checksum:   192976 5a2c80cb11cd89c008a978b2e235bd45
      Size/MD5 checksum:   390112 ee494ba31925ba491ba72152a7fd0a88
      Size/MD5 checksum:   403944 c38a72652bef06f11e87fa28ab48d86c
      Size/MD5 checksum:   403734 2af77df7a25f5f5ed2b2d06c6fcd6ae3

  Sun Sparc architecture:
      Size/MD5 checksum:   369674 8dd5a9ec08ae54bcbc89ba8b6d695c87
      Size/MD5 checksum:   188988 03998811bf00f61f9c52f79ee5150978
      Size/MD5 checksum:   379464 fefd89407a8e0fdbc50a5398820aaa3c
      Size/MD5 checksum:   394890 6d62112d1257db0c993e33d075f7adb3
      Size/MD5 checksum:   394654 ada057a72951b1aa06d599b6e41bc503

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"42","type":"x","order":"1","pct":84,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":8,"resources":[]},{"id":"181","title":"Hardly ever","votes":"4","type":"x","order":"3","pct":8,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.