#VU45231 Input validation error in ProFTPD - CVE-2011-1137
Vulnerability identifier: #VU45231
Vulnerability risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
ProFTPD
Server applications /
File servers (FTP/HTTP)
Vendor: ProFTPD
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
Mitigation
Install update from vendor's website.
Vulnerable software versions
ProFTPD: 1.2.0 - 1.3.3
External links
https://bugs.proftpd.org/show_bug.cgi?id=3586
https://bugs.proftpd.org/show_bug.cgi?id=3587
https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058344.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058356.html
https://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2
https://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3
https://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1
https://secunia.com/advisories/43234
https://secunia.com/advisories/43635
https://secunia.com/advisories/43978
https://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.485806
https://www.debian.org/security/2011/dsa-2185
https://www.exploit-db.com/exploits/16129/
https://www.securityfocus.com/bid/46183
https://www.vupen.com/english/advisories/2011/0617
https://www.vupen.com/english/advisories/2011/0857
https://bugzilla.redhat.com/show_bug.cgi?id=681718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
