CVE-2011-1137 - Numeric Errors vulnerability in ProFTPD
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | ProFTPD mod_sftp - Integer Overflow DoS PoC. CVE-2011-1137. Dos exploit for linux platform |
file | exploits/linux/dos/16129.txt |
id | EDB-ID:16129 |
last seen | 2016-02-01 |
modified | 2011-02-07 |
platform | linux |
port | |
published | 2011-02-07 |
reporter | kingcope |
source | https://www.exploit-db.com/download/16129/ |
title | ProFTPD mod_sftp - Integer Overflow DoS PoC |
type | dos |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201309-15.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201309-15 (ProFTPD: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ProFTPD. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could possibly execute arbitrary code with the privileges of the process, perform man-in-the-middle attacks to spoof arbitrary SSL servers, cause a Denial of Service condition, or read and modify arbitrary files. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70111 |
published | 2013-09-25 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/70111 |
title | GLSA-201309-15 : ProFTPD: Multiple vulnerabilities |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2011-047.NASL |
description | A vulnerability was discovered and corrected in proftpd : Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message (CVE-2011-1137). Additionally for Mandriva Linux 2010.0 proftpd was upgraded to the same version as in Mandriva Linux 2010.2. The updated packages have been patched to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 52729 |
published | 2011-03-21 |
reporter | This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/52729 |
title | Mandriva Linux Security Advisory : proftpd (MDVSA-2011:047) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2011-5040.NASL |
description | This update, to the current upstream maintenance release, fixes a large number of bugs (see NEWS for details), and also a couple of security issues : - Plaintext command injection vulnerability in FTPS implementation (i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for details. - CVE-2011-1137 (badly formed SSH messages cause DoS). See http://bugs.proftpd.org/show_bug.cgi?id=3586 for details. Other highlights include : - Display messages work properly again. - Performance improvements, especially during server startup/restarts. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53459 |
published | 2011-04-18 |
reporter | This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/53459 |
title | Fedora 14 : proftpd-1.3.3e-1.fc14 (2011-5040) |

NASL family | FTP |
NASL id | PROFTPD_1_3_4_RC2.NASL |
description | The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is earlier than 1.3.4rc2 and is affected by a Denial of Service vulnerability in the mod_sftp module. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 106753 |
published | 2018-02-12 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/106753 |
title | ProFTPD < 1.3.4rc2 client-hostname restriction bypass |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2011-5098.NASL |
description | The second release candidate for proftpd 1.3.4. This includes fixes for a number of security issues : - Plaintext command injection vulnerability in FTPS implementation - Badly formed SSH messages cause DoS - Limit recursion depth for untrusted regular expressions (#673040) The update also contains a large number of bug fixes over release candidate 1, plus new support for SSL session caching using memcached. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53460 |
published | 2011-04-18 |
reporter | This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/53460 |
title | Fedora 15 : proftpd-1.3.4-0.8.rc2.fc15 (2011-5098) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-2185.NASL |
description | It was discovered that an integer overflow in the SFTP file transfer module of the ProFTPD daemon could lead to denial of service. The oldstable distribution (lenny) is not affected. |
last seen | 2020-03-17 |
modified | 2011-03-10 |
plugin id | 52600 |
published | 2011-03-10 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/52600 |
title | Debian DSA-2185-1 : proftpd-dfsg - integer overflow |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2011-5033.NASL |
description | This update, to the current upstream maintenance release, fixes a large number of bugs (see NEWS for details), and also a couple of security issues : - Plaintext command injection vulnerability in FTPS implementation (i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for details. - CVE-2011-1137 (badly formed SSH messages cause DoS). See http://bugs.proftpd.org/show_bug.cgi?id=3586 for details. Other highlights include : - Display messages work properly again. - Performance improvements, especially during server startup/restarts. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53458 |
published | 2011-04-18 |
reporter | This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/53458 |
title | Fedora 13 : proftpd-1.3.3e-1.fc13 (2011-5033) |

NASL family | Slackware Local Security Checks |
NASL id | SLACKWARE_SSA_2011-095-01.NASL |
description | New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53298 |
published | 2011-04-06 |
reporter | This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/53298 |
title | Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : proftpd (SSA:2011-095-01) |
References
- http://bugs.proftpd.org/show_bug.cgi?id=3586
- http://bugs.proftpd.org/show_bug.cgi?id=3587
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058344.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058356.html
- http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2
- http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3
- http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1
- http://secunia.com/advisories/43234
- http://secunia.com/advisories/43635
- http://secunia.com/advisories/43978
- http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.485806
- http://www.debian.org/security/2011/dsa-2185
- http://www.exploit-db.com/exploits/16129/
- http://www.securityfocus.com/bid/46183
- http://www.vupen.com/english/advisories/2011/0617
- http://www.vupen.com/english/advisories/2011/0857
- https://bugzilla.redhat.com/show_bug.cgi?id=681718