Debian: proftpd fix denial of service DSA-1218-1

    Date 21 Nov 2006
    Posted By LinuxSecurity Advisories
    It was discovered that the proftpd FTP daemon performs insufficient validation of FTP command buffer size limits, which may lead to denial of service. This update addresses CVE-2006-5815.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 1218-1
    https://www.debian.org/security/                         Moritz Muehlenhoff
    November 21st, 2006                     https://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : proftpd
    Vulnerability  : programming error
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2006-5815
    Debian Bug     : 399070
    
    It was discovered that the proftpd FTP daemon performs insufficient
    validation of FTP command buffer size limits, which may lead to denial of
    service.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 1.2.10-15sarge2.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.3.0-13 of the proftpd-dfsg package.
    
    We recommend that you upgrade your proftpd package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
    
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main