LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated proftpd packages fix mod_ctrls vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value. Packages have been patched to correct these issues.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:232
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : proftpd
 Date    : December 18, 2006
 Affected: 2007.0
 _______________________________________________________________________
 
 Problem Description:
 
 Stack-based buffer overflow in the pr_ctrls_recv_request function in
 ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local
 users to execute arbitrary code via a large reqarglen length value.

 Packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6563
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 afa8803b9eede3fb73f55d31cb33e594  2007.0/i586/proftpd-1.3.0-4.4mdv2007.0.i586.rpm
 a1239dcf4957c20d234084c22a063812  2007.0/i586/proftpd-anonymous-1.3.0-4.4mdv2007.0.i586.rpm
 e9e9a955957310f3ef26fa55e24a191d  2007.0/i586/proftpd-mod_autohost-1.3.0-4.4mdv2007.0.i586.rpm
 f1b9111ed66ef2316e386e992bff56a8  2007.0/i586/proftpd-mod_case-1.3.0-4.4mdv2007.0.i586.rpm
 2f2aa9286bc126898cb23eaac5547cc0  2007.0/i586/proftpd-mod_clamav-1.3.0-4.4mdv2007.0.i586.rpm
 c5c71f0f78f6506842756ba9c79d121e  2007.0/i586/proftpd-mod_ctrls_admin-1.3.0-4.4mdv2007.0.i586.rpm
 bafbeb5bfc0684fcd053caec876646e8  2007.0/i586/proftpd-mod_facl-1.3.0-4.4mdv2007.0.i586.rpm
 4f4c8bd3a36ff3b68e7a479590a3ee25  2007.0/i586/proftpd-mod_gss-1.3.0-4.4mdv2007.0.i586.rpm
 d5c741aec06c740e9d7f035a887f68d5  2007.0/i586/proftpd-mod_ifsession-1.3.0-4.4mdv2007.0.i586.rpm
 e61958daf818219eb409565efb0be974  2007.0/i586/proftpd-mod_ldap-1.3.0-4.4mdv2007.0.i586.rpm
 c6f84f04b1a35ef26d6985a9063f0993  2007.0/i586/proftpd-mod_load-1.3.0-4.4mdv2007.0.i586.rpm
 dc0fec8773907dd7739fab6f5f6a5c78  2007.0/i586/proftpd-mod_quotatab-1.3.0-4.4mdv2007.0.i586.rpm
 860e998696b9140c94357457136be823  2007.0/i586/proftpd-mod_quotatab_file-1.3.0-4.4mdv2007.0.i586.rpm
 31478a97cf53f3da2b02ff26a19f9f69  2007.0/i586/proftpd-mod_quotatab_ldap-1.3.0-4.4mdv2007.0.i586.rpm
 355b61338fd647be4054d19e6c01587c  2007.0/i586/proftpd-mod_quotatab_sql-1.3.0-4.4mdv2007.0.i586.rpm
 aef74c8839a8cb1fef322573a5c8d484  2007.0/i586/proftpd-mod_radius-1.3.0-4.4mdv2007.0.i586.rpm
 39b8c05989e14fc1aeb6fd1395d43973  2007.0/i586/proftpd-mod_ratio-1.3.0-4.4mdv2007.0.i586.rpm
 61317e3f7742f4de4cfb26780f5cdd9a  2007.0/i586/proftpd-mod_rewrite-1.3.0-4.4mdv2007.0.i586.rpm
 4eba5eb110289f346d1ba0881ac82d50  2007.0/i586/proftpd-mod_shaper-1.3.0-4.4mdv2007.0.i586.rpm
 481a8ed2e0ffbc03751d26cd2ae0acb3  2007.0/i586/proftpd-mod_site_misc-1.3.0-4.4mdv2007.0.i586.rpm
 76e926b07afbe8748f0ca072a1456c9b  2007.0/i586/proftpd-mod_sql-1.3.0-4.4mdv2007.0.i586.rpm
 834b63d40bb375af7694165303dbaf54  2007.0/i586/proftpd-mod_sql_mysql-1.3.0-4.4mdv2007.0.i586.rpm
 68190d61d5f9dc321d5e96eebdc6bc17  2007.0/i586/proftpd-mod_sql_postgres-1.3.0-4.4mdv2007.0.i586.rpm
 d2a242a9d88ac200a5715ec3a979627d  2007.0/i586/proftpd-mod_time-1.3.0-4.4mdv2007.0.i586.rpm
 a5d110ed77605d7056795a759d620774  2007.0/i586/proftpd-mod_tls-1.3.0-4.4mdv2007.0.i586.rpm
 6d563b023289499bafa6438e18bea304  2007.0/i586/proftpd-mod_wrap-1.3.0-4.4mdv2007.0.i586.rpm
 97066280186fe51879b1f9f83a0fe865  2007.0/i586/proftpd-mod_wrap_file-1.3.0-4.4mdv2007.0.i586.rpm
 2a8ffd5324411ca4c5579b0f3cc821e0  2007.0/i586/proftpd-mod_wrap_sql-1.3.0-4.4mdv2007.0.i586.rpm 
 9ebf57be4074ca06a03e73ea67157225  2007.0/SRPMS/proftpd-1.3.0-4.4mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 952398679665b5a5647ef5f879797074  2007.0/x86_64/proftpd-1.3.0-4.4mdv2007.0.x86_64.rpm
 b67b546a78493bc67296b001da9f6dc5  2007.0/x86_64/proftpd-anonymous-1.3.0-4.4mdv2007.0.x86_64.rpm
 57d7228f8190ad5956221ddd33748b2d  2007.0/x86_64/proftpd-mod_autohost-1.3.0-4.4mdv2007.0.x86_64.rpm
 c81674d9864512a2b47b00a4b9fc7ea2  2007.0/x86_64/proftpd-mod_case-1.3.0-4.4mdv2007.0.x86_64.rpm
 38629437de2866467dbee64942ef3d55  2007.0/x86_64/proftpd-mod_clamav-1.3.0-4.4mdv2007.0.x86_64.rpm
 59b89afa67aa44cf302b4585738d6b0c  2007.0/x86_64/proftpd-mod_ctrls_admin-1.3.0-4.4mdv2007.0.x86_64.rpm
 11d2e9e34803433fb623bff58e19fcc3  2007.0/x86_64/proftpd-mod_facl-1.3.0-4.4mdv2007.0.x86_64.rpm
 904dc5ff6e1ca7205eb28a0d31db67df  2007.0/x86_64/proftpd-mod_gss-1.3.0-4.4mdv2007.0.x86_64.rpm
 c3eed275e17b61dc989e898531c3f2ed  2007.0/x86_64/proftpd-mod_ifsession-1.3.0-4.4mdv2007.0.x86_64.rpm
 a060e67e5b0fe1e15dbc2e6d148de9b2  2007.0/x86_64/proftpd-mod_ldap-1.3.0-4.4mdv2007.0.x86_64.rpm
 959febcf9f74abccf5e3f249b3cd4501  2007.0/x86_64/proftpd-mod_load-1.3.0-4.4mdv2007.0.x86_64.rpm
 f0807b9080f431540bfe8b5729b2005f  2007.0/x86_64/proftpd-mod_quotatab-1.3.0-4.4mdv2007.0.x86_64.rpm
 b0c463356a8cbc6140d6ea7b28c6dc72  2007.0/x86_64/proftpd-mod_quotatab_file-1.3.0-4.4mdv2007.0.x86_64.rpm
 7dc4d54215124488579a572f49e4eea8  2007.0/x86_64/proftpd-mod_quotatab_ldap-1.3.0-4.4mdv2007.0.x86_64.rpm
 2e8fbfc88d28b2fd367088ffb66b044e  2007.0/x86_64/proftpd-mod_quotatab_sql-1.3.0-4.4mdv2007.0.x86_64.rpm
 6569fcc36cc6d11dfcc50db89a33037f  2007.0/x86_64/proftpd-mod_radius-1.3.0-4.4mdv2007.0.x86_64.rpm
 39838f915a30da0f1ed0245fc521051e  2007.0/x86_64/proftpd-mod_ratio-1.3.0-4.4mdv2007.0.x86_64.rpm
 dd89c2a4e5878c440fa506b36104f0fb  2007.0/x86_64/proftpd-mod_rewrite-1.3.0-4.4mdv2007.0.x86_64.rpm
 4b581f3bc61e0d34ff91f4dfad973ea1  2007.0/x86_64/proftpd-mod_shaper-1.3.0-4.4mdv2007.0.x86_64.rpm
 37c2b30dcfc23cd9d1b6483e3b436442  2007.0/x86_64/proftpd-mod_site_misc-1.3.0-4.4mdv2007.0.x86_64.rpm
 a6ea95e4cdc9c3a17d06442c41169d69  2007.0/x86_64/proftpd-mod_sql-1.3.0-4.4mdv2007.0.x86_64.rpm
 a7011c17a1a97a32b46a0a125fcaa28e  2007.0/x86_64/proftpd-mod_sql_mysql-1.3.0-4.4mdv2007.0.x86_64.rpm
 f65a272ba0af2f52a26fba6ebd216ee0  2007.0/x86_64/proftpd-mod_sql_postgres-1.3.0-4.4mdv2007.0.x86_64.rpm
 3187bcd5a199bbdafa6b49a43eb6cf91  2007.0/x86_64/proftpd-mod_time-1.3.0-4.4mdv2007.0.x86_64.rpm
 296952dc6fd46b23a309e762d7784044  2007.0/x86_64/proftpd-mod_tls-1.3.0-4.4mdv2007.0.x86_64.rpm
 dad6e49ca6ea17a06d22740532acfc33  2007.0/x86_64/proftpd-mod_wrap-1.3.0-4.4mdv2007.0.x86_64.rpm
 c3fa12831336500d533262efe59541a7  2007.0/x86_64/proftpd-mod_wrap_file-1.3.0-4.4mdv2007.0.x86_64.rpm
 3359395a670ecb3d7a94fc9e5d75373a  2007.0/x86_64/proftpd-mod_wrap_sql-1.3.0-4.4mdv2007.0.x86_64.rpm 
 9ebf57be4074ca06a03e73ea67157225  2007.0/SRPMS/proftpd-1.3.0-4.4mdv2007.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.