Bug 1164574 (CVE-2020-9273)

Summary: VUL-0: CVE-2020-9273: proftpd: possibility of corrupting memory pool by interrupting the data transfer channel
Product: [openSUSE] openSUSE Distribution Reporter: Alexandros Toptsoglou <atoptsoglou>
Component: SecurityAssignee: Christian Wittmer <chris>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: security-team
Version: Leap 15.1   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/253472/
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexandros Toptsoglou 2020-02-21 15:10:02 UTC

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting
the data transfer channel. This triggers a use-after-free in alloc_pool in
pool.c, and possible remote code execution.

Comment 1 Christian Wittmer 2020-02-24 16:50:41 UTC
ongoing work ...
Comment 2 Swamp Workflow Management 2020-02-24 17:50:10 UTC
This is an autogenerated message for OBS integration:
This bug (1164574) was mentioned in
https://build.opensuse.org/request/show/778858 Factory / proftpd
Comment 3 Swamp Workflow Management 2020-02-24 21:50:09 UTC
This is an autogenerated message for OBS integration:
This bug (1164574) was mentioned in
https://build.opensuse.org/request/show/778895 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / proftpd
Comment 4 Swamp Workflow Management 2020-03-01 20:16:09 UTC
openSUSE-SU-2020:0273-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1164572,1164574
CVE References: CVE-2020-9272,CVE-2020-9273
Sources used:
openSUSE Leap 15.1 (src):    proftpd-1.3.6c-lp151.3.9.1
openSUSE Backports SLE-15-SP1 (src):    proftpd-1.3.6c-bp151.4.9.1
openSUSE Backports SLE-15 (src):    proftpd-1.3.6c-bp150.3.9.1
Comment 5 Christian Wittmer 2020-05-04 08:41:49 UTC
can we close this ?
Comment 6 Alexandros Toptsoglou 2020-05-04 08:43:09 UTC