Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2006.0948 -- [Win][UNIX/Linux][Linux] Buffer overflow in ProFTPD 27 December 2006 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ProFTPD 1.3.0a and prior Publisher: OpenPKG Operating System: UNIX variants (UNIX, Linux, OSX) Linux variants Windows Impact: Increased Privileges Denial of Service Access: Remote/Unauthenticated CVE Names: CVE-2006-6563 Comment: This advisory references vulnerabilities in products which run on multiple platforms. It is recommended that administrators running ProFTPD check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ____________________________________________________________________________ Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2006.039 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2006.039 Advisory Published: 2006-12-15 23:55 UTC Issue Id (internal): OpenPKG-SI-20061215.01 Issue First Created: 2006-12-15 Issue Last Modified: 2006-12-15 Issue Revision: 07 ____________________________________________________________________________ Subject Name: ProFTPD Subject Summary: Professional FTP Daemon Subject Home: http://www.proftpd.org/ Subject Versions: * < 1.3.1rc1 Vulnerability Id: CVE-2006-6563 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: remote network Attack Impact: denial of service, privilege escalation, arbitrary code execution Description: A vulnerability exists in the FTP server ProFTPD, versions up to and including 1.3.0a. The vulnerability is caused by a stack-based buffer overflow in the "pr_ctrls_recv_request" function of the "Controls" feature. This is an optional feature of ProFTPD server which is by default disabled in OpenPKG and that must be explicitly activated with the "with_ctrls" build-time option of the OpenPKG "profptd" package. Controls are a way to communicate directly with a standalone ProFTPD daemon while it is running. This provides administrators a way to alter the daemon's behavior in real time, without having to restart the daemon and have it re-read its configuration. The Controls feature allows authorized users to locally manage parameters of the ProFTPD servers, like aborting connections, managing users, changing log levels, disabling individual virtual servers, etc. The vulnerability allows local attackers with access to the Controls features (and who have been allowed by Controls ACLs in "proftpd.conf") to execute arbitrary code or even gain root privileges. References: [0] http://www.proftpd.org/ ____________________________________________________________________________ Primary Package Name: proftpd Primary Package Home: http://openpkg.org/go/package/proftpd Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Enterprise E1.0-SOLID proftpd-1.3.0-E1.0.2 ____________________________________________________________________________ For security reasons, this document was digitally signed with the OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34) which you can download from http://openpkg.com/openpkg.com.pgp or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/. Follow the instructions at http://openpkg.com/security/signatures/ for more details on how to verify the integrity of this document. ____________________________________________________________________________ - -----BEGIN PGP SIGNATURE----- Comment: OpenPKG GmbH <http://openpkg.com/> iD8DBQFFgyfvZwQuyWG3rjQRAiX7AKDIQgd+EsJRb5xwYpWOjS+mRJvQLACeM/UC Dp+4JQNjU7pwlHkRooBiSEw= =FSCp - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBRZHhrCh9+71yA2DNAQKwnwQAjOXXiN/hJwbQFsvfL3xFjd+/7cRrP+Wb c/z/V6jn4EI4FaRBnq0OaeEtgSj90NZCcapc4yT8cf+KI+J/JsREmu0bsiAJLdpy pKnNpov8mADBriP+E/pzKx0wCuy3R6Ye+mVgUplcbvxxIZ7bVIGJ9rqoufYFemI2 xui22EAw/NI= =BmO1 -----END PGP SIGNATURE-----