Bug 729830 - VUL-0: CVE-2011-4130: proftpd: Response pool use-after-free flaw
VUL-0: CVE-2011-4130: proftpd: Response pool use-after-free flaw
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-11-11 10:30 UTC by Matthias Weckbecker
Modified: 2011-12-07 10:31 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Weckbecker 2011-11-11 10:30:03 UTC
-----------------------------------------------------------------------
Hello Kurt, Steve, vendors,

   a use-after-free flaw was found in the way ProFTPD, an enhanced FTP
server, performed retrieval of the response pool for the old command
(when ProFTPD was in the midst of the data transfer, when new command
arrived) used by the Response API. A remote attacker could provide a
specially-crafted request (resulting in a need the server to handle an
exceptional condition), leading to memory corruption and potentially
arbitrary code execution, with the privileges of the user running the
proftpd server.

Upstream bug report:
[1] http://bugs.proftpd.org/show_bug.cgi?id=3711

Relevant upstream patch:
[2] http://bugs.proftpd.org/show_bug.cgi?id=3711#c1

References:
[3] https://secunia.com/advisories/46811/
[4] https://bugs.gentoo.org/show_bug.cgi?id=390075
[5] http://www.zerodayinitiative.com/advisories/upcoming/
[6] https://bugzilla.redhat.com/show_bug.cgi?id=752812

Could you allocate a CVE id for this?
-----------------------------------------------------------------------
Comment 1 Swamp Workflow Management 2011-11-11 10:31:29 UTC
The SWAMPID for this issue is 44110.
This issue was rated as moderate.
Please submit fixed packages until 2011-11-25.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 2 Bernhard Wiedemann 2011-11-11 14:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (729830) was mentioned in
https://build.opensuse.org/request/show/90988 Factory / proftpd
Comment 3 Bernhard Wiedemann 2011-11-15 15:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (729830) was mentioned in
https://build.opensuse.org/request/show/91557 12.1 / proftpd
Comment 4 Marcus Meissner 2011-12-07 10:31:00 UTC
12.1 fix looks released (no notify due to new maintenance code)