Launchpad.net

CVE 2011-1137

Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.

Related bugs and status

CVE-2011-1137 (Candidate) is related to these bugs:

Bug #729524: Sync Proftpd-dfsg 1.3.3d-4 (universe) from Debian Unstable (main)

Summary				In	Importance	Status
	729524	Sync Proftpd-dfsg 1.3.3d-4 (universe) from Debian Unstable (main)		proftpd-dfsg (Ubuntu)	Wishlist	Fix Released

Bug #905252: CVE-2011-4130 in lucid, maverick, natty

		In	Importance	Status
905252	CVE-2011-4130 in lucid, maverick, natty	proftpd-dfsg (Ubuntu)	Undecided	Fix Released
905252	CVE-2011-4130 in lucid, maverick, natty	proftpd-dfsg (Ubuntu Lucid)	Medium	Won't Fix
905252	CVE-2011-4130 in lucid, maverick, natty	proftpd-dfsg (Ubuntu Maverick)	Medium	Won't Fix
905252	CVE-2011-4130 in lucid, maverick, natty	proftpd-dfsg (Ubuntu Natty)	Medium	Won't Fix
905252	CVE-2011-4130 in lucid, maverick, natty	proftpd-dfsg (Ubuntu Oneiric)	Undecided	Won't Fix
905252	CVE-2011-4130 in lucid, maverick, natty	proftpd-dfsg (Ubuntu Precise)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

EXPLOIT-DB: 16129
CONFIRM: http://bugs.proftpd.or...
CONFIRM: http://bugs.proftpd.or...
CONFIRM: https://bugzilla.redha...
DEBIAN: DSA-2185
BID: 46183
SECUNIA: 43234
SECUNIA: 43635
VUPEN: ADV-2011-0617
FEDORA: FEDORA-2011-5033
FEDORA: FEDORA-2011-5040
SECUNIA: 43978
VUPEN: ADV-2011-0857
CONFIRM: http://proftp.cvs.sour...
CONFIRM: http://proftp.cvs.sour...
CONFIRM: http://proftp.cvs.sour...
SLACKWARE: SSA:2011-095-01