Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1137

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-1137
Last Modified 06 Sep 2011 11:15:29
Published 11 Mar 2011 12:55:03
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1137

Summary

Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.

Vulnerable Systems

Application

  • Proftpd 1.2.0

  • Proftpd 1.2.1

  • Proftpd 1.2.10

  • Proftpd 1.2.2

  • Proftpd 1.2.3

  • Proftpd 1.2.4

  • Proftpd 1.2.5

  • Proftpd 1.2.6

  • Proftpd 1.2.7

  • Proftpd 1.2.8

  • Proftpd 1.2.9

  • Proftpd 1.3.0

  • Proftpd 1.3.1

  • Proftpd 1.3.2

  • Proftpd 1.3.3


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=681718

CONFIRM - http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2

CONFIRM - http://bugs.proftpd.org/show_bug.cgi?id=3586

VUPEN - ADV-2011-0857

VUPEN - ADV-2011-0617

BID - 46183

EXPLOIT-DB - 16129

DEBIAN - DSA-2185

SLACKWARE - SSA:2011-095-01

SECUNIA - 43978

SECUNIA - 43635

SECUNIA - 43234

CONFIRM - http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1

CONFIRM - http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3

FEDORA - FEDORA-2011-5033

FEDORA - FEDORA-2011-5040

CONFIRM - http://bugs.proftpd.org/show_bug.cgi?id=3587


Last Updated: 27 May 2016 10:56:11