CVE-2011-1137

Severity: 50%

Complexity: 99%

Confidentiality: 48%

Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type: ProFTPD

First reported: 2011-03-11 17:55:00 (13 years ago)

Last updated: 2011-09-07 03:15:00 (13 years ago)

Affected Software

ProFTPD 1.2.0

1.2.0

ProFTPD 1.2.0pre10

1.2.0

ProFTPD 1.2.0pre9

1.2.0

ProFTPD 1.2.0 release candidate 1

1.2.0

ProFTPD 1.2.0 release candidate 2

1.2.0

ProFTPD 1.2.0 release candidate 3

1.2.0

ProFTPD 1.2.1

1.2.1

ProFTPD 1.2.2

1.2.2

ProFTPD 1.2.2 release candidate 1

1.2.2

ProFTPD 1.2.2 release candidate 2

1.2.2

ProFTPD 1.2.2 release candidate 3

1.2.2

ProFTPD 1.2.3

1.2.3

ProFTPD 1.2.4

1.2.4

ProFTPD 1.2.5

1.2.5

ProFTPD 1.2.5 release candidate 1

1.2.5

ProFTPD 1.2.5 release candidate 2

1.2.5

ProFTPD 1.2.5 release candidate 3

1.2.5

ProFTPD 1.2.6

1.2.6

ProFTPD 1.2.6 release candidate 1

1.2.6

ProFTPD 1.2.6 release candidate 2

1.2.6

ProFTPD 1.2.7

1.2.7

ProFTPD 1.2.7 release candidate 1

1.2.7

ProFTPD 1.2.7 release candidate 2

1.2.7

ProFTPD 1.2.7 release candidate 3

1.2.7

ProFTPD 1.2.8

1.2.8

ProFTPD 1.2.8 release candidate 1

1.2.8

ProFTPD 1.2.8 release candidate 2

1.2.8

ProFTPD 1.2.9

1.2.9

ProFTPD 1.2.9 release candidate 1

1.2.9

ProFTPD 1.2.9 release candidate 2

1.2.9

ProFTPD 1.2.9 release candidate 3

1.2.9

ProFTPD 1.2.10

1.2.10

ProFTPD 1.2.10 release candidate 1

1.2.10

ProFTPD 1.2.10 release candidate 2

1.2.10

ProFTPD 1.2.10 release candidate 3

1.2.10

ProFTPD 1.3.0

1.3.0

ProFTPD 1.3.0a

1.3.0

ProFTPD 1.3.0 release candidate 1

1.3.0

ProFTPD 1.3.0 release candidate 2

1.3.0

ProFTPD 1.3.0 release candidate 3

1.3.0

ProFTPD 1.3.0 release candidate 4

1.3.0

ProFTPD 1.3.0 release candidate 5

1.3.0

ProFTPD 1.3.1

1.3.1

ProFTPD 1.3.1 release candidate 1

1.3.1

ProFTPD 1.3.1 release candidate 2

1.3.1

ProFTPD 1.3.1 release candidate 3

1.3.1

ProFTPD 1.3.2

1.3.2

ProFTPD 1.3.2a

1.3.2

ProFTPD 1.3.2b

1.3.2

ProFTPD 1.3.2c

1.3.2

ProFTPD 1.3.2d

1.3.2

ProFTPD 1.3.2e

1.3.2

ProFTPD 1.3.2 release candidate 1

1.3.2

ProFTPD 1.3.2 release candidate 2

1.3.2

ProFTPD 1.3.2 release candidate 3

1.3.2

ProFTPD 1.3.2 release candidate 4

1.3.2

ProFTPD 1.3.3

1.3.3

ProFTPD 1.3.3a

1.3.3

ProFTPD 1.3.3b

1.3.3

ProFTPD 1.3.3c

1.3.3

ProFTPD 1.3.3 release candidate 1

1.3.3

ProFTPD 1.3.3 release candidate 2

1.3.3

ProFTPD 1.3.3 release candidate 3

1.3.3

ProFTPD 1.3.3 release candidate 4

1.3.3
