Debian: New proftpd packages fix denial of service

    Date21 Nov 2006
    CategoryDebian
    5224
    Posted ByLinuxSecurity Advisories
    It was discovered that the proftpd FTP daemon performs insufficient validation of FTP command buffer size limits, which may lead to denial of service. CVEID CVE-2006-5815 is addressed by this vulnerability.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1218-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Moritz Muehlenhoff
    November 21st, 2006                     http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : proftpd
    Vulnerability  : programming error
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2006-5815
    Debian Bug     : 399070
    
    It was discovered that the proftpd FTP daemon performs insufficient
    validation of FTP command buffer size limits, which may lead to denial of
    service.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 1.2.10-15sarge2.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.3.0-13 of the proftpd-dfsg package.
    
    We recommend that you upgrade your proftpd package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2.dsc
          Size/MD5 checksum:      897 fe043ac01a1753ba7d47e169d7863039
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2.diff.gz
          Size/MD5 checksum:   127600 d1611a9db379bee3e1f137c4c09d4b13
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10.orig.tar.gz
          Size/MD5 checksum:   920495 7d2bc5b4b1eef459a78e55c027a4f3c4
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.10-15sarge2_all.deb
          Size/MD5 checksum:   422520 784f6a1ead480a7198dd0ad7df4c6d7d
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_alpha.deb
          Size/MD5 checksum:   444406 dd457de80a77a65ea56f917ed8503641
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_alpha.deb
          Size/MD5 checksum:   200788 0d3e2ba8ea9082b304a2c7f4d6af8df9
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_alpha.deb
          Size/MD5 checksum:   457204 17af0e330f48108785aa9d00507c5291
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_alpha.deb
          Size/MD5 checksum:   476800 dffaa2aad3f25eb2887005c27059b241
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_alpha.deb
          Size/MD5 checksum:   476468 0c7be08d97b11f187c39f8a965b9e3c6
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_amd64.deb
          Size/MD5 checksum:   389010 2fd7461b794783671e641d72488c4585
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_amd64.deb
          Size/MD5 checksum:   194562 3113db8aa6ba8e67dcea03632cf6fe67
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_amd64.deb
          Size/MD5 checksum:   400008 3a89749eb456ea237ca4d82ae18e4beb
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_amd64.deb
          Size/MD5 checksum:   415382 302debcfd6ff112e7294959addcdc1d6
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_amd64.deb
          Size/MD5 checksum:   415174 51c2c6374d0483191874f96dd7318a27
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_arm.deb
          Size/MD5 checksum:   373836 b740b9aa079946e4d2cbf323ae72a978
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_arm.deb
          Size/MD5 checksum:   188754 5ffae3af9d619b301595ea9b1175ef37
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_arm.deb
          Size/MD5 checksum:   384048 8beac5c897580847d39427097efd5116
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_arm.deb
          Size/MD5 checksum:   398914 5470be96f5ad34f83d1042139c6a639e
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_arm.deb
          Size/MD5 checksum:   398778 ae4abd419715b09b9a7bcc1f3e23eb96
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_hppa.deb
          Size/MD5 checksum:   403664 e19be25ea86f75de8fb0015837e47e57
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_hppa.deb
          Size/MD5 checksum:   194452 65616d5eed9a3270e0df3086ad87a8a7
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_hppa.deb
          Size/MD5 checksum:   414846 5ce90027122e3a27646cc314854ea37e
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_hppa.deb
          Size/MD5 checksum:   431778 5deb145cbaacd0cbee298a0f6a02f6d2
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_hppa.deb
          Size/MD5 checksum:   431492 9b950e59b183a6795d5eacb2002bf03c
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_i386.deb
          Size/MD5 checksum:   371202 efa3cca67db44225ecf7990ee8b76808
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_i386.deb
          Size/MD5 checksum:   188864 6129e4a1b65440c57e6e76e104025cf4
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_i386.deb
          Size/MD5 checksum:   380918 2de20dc3d336007347871007ad2aa9b6
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_i386.deb
          Size/MD5 checksum:   396670 2b6a3833f37f256ac0268bf03d25dfd8
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_i386.deb
          Size/MD5 checksum:   396432 ba26cbd5cfa7cd9d06c94baad26864b3
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_ia64.deb
          Size/MD5 checksum:   519710 30aa10cfda1d97d81772d9a9fff3ef4c
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_ia64.deb
          Size/MD5 checksum:   206994 1eefe822ebe9df3b584f719db1e6e263
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_ia64.deb
          Size/MD5 checksum:   535338 4108fe33e7d1e6827e1545ea6ebfff7e
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_ia64.deb
          Size/MD5 checksum:   562320 0ee714edb0c79544904c0db855daf174
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_ia64.deb
          Size/MD5 checksum:   562214 4714a62fff2346f1d376f4306e0c6974
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_m68k.deb
          Size/MD5 checksum:   332528 3ad435ced0a1492fd61ae55c90204ad1
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_m68k.deb
          Size/MD5 checksum:   187148 312a33fd15cfc35bd182d84ea847c852
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_m68k.deb
          Size/MD5 checksum:   340916 adf942ec807fd5a39fdb9707226921bc
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_m68k.deb
          Size/MD5 checksum:   353106 d724b6da9758c7bd3c4a4dfee4411306
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_m68k.deb
          Size/MD5 checksum:   352830 5a090fa4b611c42a907919a88861eb9a
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_mips.deb
          Size/MD5 checksum:   382394 7e6c7b8b92827f3a6644689b0d06ef4e
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_mips.deb
          Size/MD5 checksum:   201616 fb61630fd14f0520518f78d198b15480
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_mips.deb
          Size/MD5 checksum:   391986 0ffbc86ea82bd910466c367f156af4be
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_mips.deb
          Size/MD5 checksum:   406488 2dff85fe8dc813c5be15780765a90a74
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_mips.deb
          Size/MD5 checksum:   406238 1d658816888f361611ef7c7a41062f62
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_mipsel.deb
          Size/MD5 checksum:   384334 ea408f73dd5288c3dbdd15556cb4c884
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_mipsel.deb
          Size/MD5 checksum:   201838 a2c8ed17d8c6dbfe3ff0a359ec8402fd
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_mipsel.deb
          Size/MD5 checksum:   393390 f6396ba4684fec2a4bd2b8a156c617a8
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_mipsel.deb
          Size/MD5 checksum:   409460 403eb9064b44dfb5c4f5c64e3d11b43e
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_mipsel.deb
          Size/MD5 checksum:   409212 e1226c8b018ced87ad77118c660d0361
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_powerpc.deb
          Size/MD5 checksum:   384414 3cc172a7ddaf95a37905ce0ca2fc340f
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_powerpc.deb
          Size/MD5 checksum:   195366 d3db9b92cf67136399f153e804a168bd
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_powerpc.deb
          Size/MD5 checksum:   395170 9f26106f211808f807bfde1c2911629a
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_powerpc.deb
          Size/MD5 checksum:   412014 3a0d74322ba454ee72e0925cb871c3f5
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_powerpc.deb
          Size/MD5 checksum:   411760 2611181a4d8cb329bea9d9d0db130b31
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_s390.deb
          Size/MD5 checksum:   379686 06371d89be06ba9c16152ef8d0164f9b
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_s390.deb
          Size/MD5 checksum:   192976 5a2c80cb11cd89c008a978b2e235bd45
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_s390.deb
          Size/MD5 checksum:   390112 ee494ba31925ba491ba72152a7fd0a88
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_s390.deb
          Size/MD5 checksum:   403944 c38a72652bef06f11e87fa28ab48d86c
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_s390.deb
          Size/MD5 checksum:   403734 2af77df7a25f5f5ed2b2d06c6fcd6ae3
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_sparc.deb
          Size/MD5 checksum:   369674 8dd5a9ec08ae54bcbc89ba8b6d695c87
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_sparc.deb
          Size/MD5 checksum:   188988 03998811bf00f61f9c52f79ee5150978
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_sparc.deb
          Size/MD5 checksum:   379464 fefd89407a8e0fdbc50a5398820aaa3c
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_sparc.deb
          Size/MD5 checksum:   394890 6d62112d1257db0c993e33d075f7adb3
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_sparc.deb
          Size/MD5 checksum:   394654 ada057a72951b1aa06d599b6e41bc503
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.