Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702767
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2767-1 (proftpd-dfsg - denial of service)
Summary:Kingcope discovered that the mod_sftp and mod_sftp_pam modules of;proftpd, a powerful modular FTP/SFTP/FTPS server, are not properly;validating input, before making pool allocations. An attacker can;use this flaw to conduct denial of service attacks against the system;running proftpd (resource exhaustion).
Description:Summary:
Kingcope discovered that the mod_sftp and mod_sftp_pam modules of
proftpd, a powerful modular FTP/SFTP/FTPS server, are not properly
validating input, before making pool allocations. An attacker can
use this flaw to conduct denial of service attacks against the system
running proftpd (resource exhaustion).

Affected Software/OS:
proftpd-dfsg on Debian Linux

Solution:
For the oldstable distribution (squeeze), this problem has been fixed in
version 1.3.3a-6squeeze7.

For the stable distribution (wheezy), this problem has been fixed in
version 1.3.4a-5+deb7u1.

For the testing (jessie) and unstable (sid) distributions, this problem will
be fixed soon.

We recommend that you upgrade your proftpd-dfsg packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-4359
Debian Security Information: DSA-2767 (Google Search)
http://www.debian.org/security/2013/dsa-2767
http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/
http://www.openwall.com/lists/oss-security/2013/09/17/6
SuSE Security Announcement: openSUSE-SU-2013:1563 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-10/msg00032.html
SuSE Security Announcement: openSUSE-SU-2015:1031 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.