LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 25th, 2014
Linux Advisory Watch: July 18th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New proftpd packages fix denial of service Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian It was discovered that the proftpd FTP daemon performs insufficient validation of FTP command buffer size limits, which may lead to denial of service. CVEID CVE-2006-5815 is addressed by this vulnerability.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1218-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
November 21st, 2006                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : proftpd
Vulnerability  : programming error
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-5815
Debian Bug     : 399070

It was discovered that the proftpd FTP daemon performs insufficient
validation of FTP command buffer size limits, which may lead to denial of
service.

For the stable distribution (sarge) this problem has been fixed in
version 1.2.10-15sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 1.3.0-13 of the proftpd-dfsg package.

We recommend that you upgrade your proftpd package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2.dsc
      Size/MD5 checksum:      897 fe043ac01a1753ba7d47e169d7863039
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2.diff.gz
      Size/MD5 checksum:   127600 d1611a9db379bee3e1f137c4c09d4b13
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10.orig.tar.gz
      Size/MD5 checksum:   920495 7d2bc5b4b1eef459a78e55c027a4f3c4

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.10-15sarge2_all.deb
      Size/MD5 checksum:   422520 784f6a1ead480a7198dd0ad7df4c6d7d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_alpha.deb
      Size/MD5 checksum:   444406 dd457de80a77a65ea56f917ed8503641
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_alpha.deb
      Size/MD5 checksum:   200788 0d3e2ba8ea9082b304a2c7f4d6af8df9
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_alpha.deb
      Size/MD5 checksum:   457204 17af0e330f48108785aa9d00507c5291
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_alpha.deb
      Size/MD5 checksum:   476800 dffaa2aad3f25eb2887005c27059b241
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_alpha.deb
      Size/MD5 checksum:   476468 0c7be08d97b11f187c39f8a965b9e3c6

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_amd64.deb
      Size/MD5 checksum:   389010 2fd7461b794783671e641d72488c4585
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_amd64.deb
      Size/MD5 checksum:   194562 3113db8aa6ba8e67dcea03632cf6fe67
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_amd64.deb
      Size/MD5 checksum:   400008 3a89749eb456ea237ca4d82ae18e4beb
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_amd64.deb
      Size/MD5 checksum:   415382 302debcfd6ff112e7294959addcdc1d6
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_amd64.deb
      Size/MD5 checksum:   415174 51c2c6374d0483191874f96dd7318a27

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_arm.deb
      Size/MD5 checksum:   373836 b740b9aa079946e4d2cbf323ae72a978
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_arm.deb
      Size/MD5 checksum:   188754 5ffae3af9d619b301595ea9b1175ef37
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_arm.deb
      Size/MD5 checksum:   384048 8beac5c897580847d39427097efd5116
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_arm.deb
      Size/MD5 checksum:   398914 5470be96f5ad34f83d1042139c6a639e
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_arm.deb
      Size/MD5 checksum:   398778 ae4abd419715b09b9a7bcc1f3e23eb96

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_hppa.deb
      Size/MD5 checksum:   403664 e19be25ea86f75de8fb0015837e47e57
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_hppa.deb
      Size/MD5 checksum:   194452 65616d5eed9a3270e0df3086ad87a8a7
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_hppa.deb
      Size/MD5 checksum:   414846 5ce90027122e3a27646cc314854ea37e
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_hppa.deb
      Size/MD5 checksum:   431778 5deb145cbaacd0cbee298a0f6a02f6d2
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_hppa.deb
      Size/MD5 checksum:   431492 9b950e59b183a6795d5eacb2002bf03c

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_i386.deb
      Size/MD5 checksum:   371202 efa3cca67db44225ecf7990ee8b76808
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_i386.deb
      Size/MD5 checksum:   188864 6129e4a1b65440c57e6e76e104025cf4
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_i386.deb
      Size/MD5 checksum:   380918 2de20dc3d336007347871007ad2aa9b6
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_i386.deb
      Size/MD5 checksum:   396670 2b6a3833f37f256ac0268bf03d25dfd8
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_i386.deb
      Size/MD5 checksum:   396432 ba26cbd5cfa7cd9d06c94baad26864b3

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_ia64.deb
      Size/MD5 checksum:   519710 30aa10cfda1d97d81772d9a9fff3ef4c
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_ia64.deb
      Size/MD5 checksum:   206994 1eefe822ebe9df3b584f719db1e6e263
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_ia64.deb
      Size/MD5 checksum:   535338 4108fe33e7d1e6827e1545ea6ebfff7e
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_ia64.deb
      Size/MD5 checksum:   562320 0ee714edb0c79544904c0db855daf174
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_ia64.deb
      Size/MD5 checksum:   562214 4714a62fff2346f1d376f4306e0c6974

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_m68k.deb
      Size/MD5 checksum:   332528 3ad435ced0a1492fd61ae55c90204ad1
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_m68k.deb
      Size/MD5 checksum:   187148 312a33fd15cfc35bd182d84ea847c852
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_m68k.deb
      Size/MD5 checksum:   340916 adf942ec807fd5a39fdb9707226921bc
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_m68k.deb
      Size/MD5 checksum:   353106 d724b6da9758c7bd3c4a4dfee4411306
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_m68k.deb
      Size/MD5 checksum:   352830 5a090fa4b611c42a907919a88861eb9a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_mips.deb
      Size/MD5 checksum:   382394 7e6c7b8b92827f3a6644689b0d06ef4e
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_mips.deb
      Size/MD5 checksum:   201616 fb61630fd14f0520518f78d198b15480
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_mips.deb
      Size/MD5 checksum:   391986 0ffbc86ea82bd910466c367f156af4be
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_mips.deb
      Size/MD5 checksum:   406488 2dff85fe8dc813c5be15780765a90a74
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_mips.deb
      Size/MD5 checksum:   406238 1d658816888f361611ef7c7a41062f62

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_mipsel.deb
      Size/MD5 checksum:   384334 ea408f73dd5288c3dbdd15556cb4c884
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_mipsel.deb
      Size/MD5 checksum:   201838 a2c8ed17d8c6dbfe3ff0a359ec8402fd
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_mipsel.deb
      Size/MD5 checksum:   393390 f6396ba4684fec2a4bd2b8a156c617a8
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_mipsel.deb
      Size/MD5 checksum:   409460 403eb9064b44dfb5c4f5c64e3d11b43e
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_mipsel.deb
      Size/MD5 checksum:   409212 e1226c8b018ced87ad77118c660d0361

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_powerpc.deb
      Size/MD5 checksum:   384414 3cc172a7ddaf95a37905ce0ca2fc340f
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_powerpc.deb
      Size/MD5 checksum:   195366 d3db9b92cf67136399f153e804a168bd
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_powerpc.deb
      Size/MD5 checksum:   395170 9f26106f211808f807bfde1c2911629a
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_powerpc.deb
      Size/MD5 checksum:   412014 3a0d74322ba454ee72e0925cb871c3f5
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_powerpc.deb
      Size/MD5 checksum:   411760 2611181a4d8cb329bea9d9d0db130b31

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_s390.deb
      Size/MD5 checksum:   379686 06371d89be06ba9c16152ef8d0164f9b
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_s390.deb
      Size/MD5 checksum:   192976 5a2c80cb11cd89c008a978b2e235bd45
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_s390.deb
      Size/MD5 checksum:   390112 ee494ba31925ba491ba72152a7fd0a88
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_s390.deb
      Size/MD5 checksum:   403944 c38a72652bef06f11e87fa28ab48d86c
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_s390.deb
      Size/MD5 checksum:   403734 2af77df7a25f5f5ed2b2d06c6fcd6ae3

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_sparc.deb
      Size/MD5 checksum:   369674 8dd5a9ec08ae54bcbc89ba8b6d695c87
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_sparc.deb
      Size/MD5 checksum:   188988 03998811bf00f61f9c52f79ee5150978
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_sparc.deb
      Size/MD5 checksum:   379464 fefd89407a8e0fdbc50a5398820aaa3c
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_sparc.deb
      Size/MD5 checksum:   394890 6d62112d1257db0c993e33d075f7adb3
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_sparc.deb
      Size/MD5 checksum:   394654 ada057a72951b1aa06d599b6e41bc503


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Four fake Google haxbots hit YOUR WEBSITE every day
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
The Barnaby Jack Few Knew: Celebrated Hacker Saw Spotlight as 'Necessary Evil'
What I Learned from Edward Snowden at the Hacker Conference
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.