ID CVE-2011-1137
Summary Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
References
Vulnerable Configurations
  • ProFTPD 1.3.1 release candidate 3
    cpe:2.3:a:proftpd:proftpd:1.3.1:rc3
  • ProFTPD 1.3.1
    cpe:2.3:a:proftpd:proftpd:1.3.1
  • ProFTPD 1.3.1 release candidate 2
    cpe:2.3:a:proftpd:proftpd:1.3.1:rc2
  • ProFTPD 1.3.2d
    cpe:2.3:a:proftpd:proftpd:1.3.2:d
  • ProFTPD 1.3.2 release candidate 3
    cpe:2.3:a:proftpd:proftpd:1.3.2:rc3
  • ProFTPD 1.3.0
    cpe:2.3:a:proftpd:proftpd:1.3.0
  • ProFTPD 1.3.0 release candidate 5
    cpe:2.3:a:proftpd:proftpd:1.3.0:rc5
  • ProFTPD 1.3.1 release candidate 1
    cpe:2.3:a:proftpd:proftpd:1.3.1:rc1
  • ProFTPD 1.3.0a
    cpe:2.3:a:proftpd:proftpd:1.3.0:a
  • ProFTPD 1.3.0 release candidate 2
    cpe:2.3:a:proftpd:proftpd:1.3.0:rc2
  • ProFTPD 1.3.0 release candidate 1
    cpe:2.3:a:proftpd:proftpd:1.3.0:rc1
  • ProFTPD 1.3.0 release candidate 4
    cpe:2.3:a:proftpd:proftpd:1.3.0:rc4
  • ProFTPD 1.3.0 release candidate 3
    cpe:2.3:a:proftpd:proftpd:1.3.0:rc3
  • ProFTPD 1.2.10 release candidate 2
    cpe:2.3:a:proftpd:proftpd:1.2.10:rc2
  • ProFTPD 1.2.10 release candidate 1
    cpe:2.3:a:proftpd:proftpd:1.2.10:rc1
  • ProFTPD 1.2.10
    cpe:2.3:a:proftpd:proftpd:1.2.10
  • ProFTPD 1.2.10 release candidate 3
    cpe:2.3:a:proftpd:proftpd:1.2.10:rc3
  • ProFTPD 1.3.2b
    cpe:2.3:a:proftpd:proftpd:1.3.2:b
  • ProFTPD 1.3.2c
    cpe:2.3:a:proftpd:proftpd:1.3.2:c
  • ProFTPD 1.3.3
    cpe:2.3:a:proftpd:proftpd:1.3.3
  • ProFTPD 1.3.3a
    cpe:2.3:a:proftpd:proftpd:1.3.3:a
  • ProFTPD 1.3.3b
    cpe:2.3:a:proftpd:proftpd:1.3.3:b
  • ProFTPD 1.3.2e
    cpe:2.3:a:proftpd:proftpd:1.3.2:e
  • ProFTPD 1.3.3 release candidate 2
    cpe:2.3:a:proftpd:proftpd:1.3.3:rc2
  • ProFTPD 1.3.3 release candidate 3
    cpe:2.3:a:proftpd:proftpd:1.3.3:rc3
  • ProFTPD 1.3.3 release candidate 4
    cpe:2.3:a:proftpd:proftpd:1.3.3:rc4
  • ProFTPD 1.2.2
    cpe:2.3:a:proftpd:proftpd:1.2.2
  • ProFTPD 1.2.2 release candidate 3
    cpe:2.3:a:proftpd:proftpd:1.2.2:rc3
  • ProFTPD 1.2.2 release candidate 2
    cpe:2.3:a:proftpd:proftpd:1.2.2:rc2
  • ProFTPD 1.2.2 release candidate 1
    cpe:2.3:a:proftpd:proftpd:1.2.2:rc1
  • ProFTPD 1.2.5 release candidate 2
    cpe:2.3:a:proftpd:proftpd:1.2.5:rc2
  • ProFTPD 1.2.5 release candidate 1
    cpe:2.3:a:proftpd:proftpd:1.2.5:rc1
  • ProFTPD 1.2.4
    cpe:2.3:a:proftpd:proftpd:1.2.4
  • ProFTPD 1.2.3
    cpe:2.3:a:proftpd:proftpd:1.2.3
  • ProFTPD 1.2.0 release candidate 1
    cpe:2.3:a:proftpd:proftpd:1.2.0:rc1
  • ProFTPD 1.2.0pre10
    cpe:2.3:a:proftpd:proftpd:1.2.0:pre10
  • ProFTPD 1.2.0pre9
    cpe:2.3:a:proftpd:proftpd:1.2.0:pre9
  • ProFTPD 1.2.1
    cpe:2.3:a:proftpd:proftpd:1.2.1
  • ProFTPD 1.2.0
    cpe:2.3:a:proftpd:proftpd:1.2.0
  • ProFTPD 1.2.0 release candidate 3
    cpe:2.3:a:proftpd:proftpd:1.2.0:rc3
  • ProFTPD 1.2.0 release candidate 2
    cpe:2.3:a:proftpd:proftpd:1.2.0:rc2
  • ProFTPD 1.2.8 release candidate 2
    cpe:2.3:a:proftpd:proftpd:1.2.8:rc2
  • ProFTPD 1.2.8
    cpe:2.3:a:proftpd:proftpd:1.2.8
  • ProFTPD 1.2.7
    cpe:2.3:a:proftpd:proftpd:1.2.7
  • ProFTPD 1.2.8 release candidate 1
    cpe:2.3:a:proftpd:proftpd:1.2.8:rc1
  • ProFTPD 1.2.9 release candidate 3
    cpe:2.3:a:proftpd:proftpd:1.2.9:rc3
  • ProFTPD 1.2.9
    cpe:2.3:a:proftpd:proftpd:1.2.9
  • ProFTPD 1.2.9 release candidate 1
    cpe:2.3:a:proftpd:proftpd:1.2.9:rc1
  • ProFTPD 1.2.9 release candidate 2
    cpe:2.3:a:proftpd:proftpd:1.2.9:rc2
  • ProFTPD 1.2.6 release candidate 1
    cpe:2.3:a:proftpd:proftpd:1.2.6:rc1
  • ProFTPD 1.2.6 release candidate 2
    cpe:2.3:a:proftpd:proftpd:1.2.6:rc2
  • ProFTPD 1.2.5 release candidate 3
    cpe:2.3:a:proftpd:proftpd:1.2.5:rc3
  • ProFTPD 1.2.5
    cpe:2.3:a:proftpd:proftpd:1.2.5
  • ProFTPD 1.2.7 release candidate 2
    cpe:2.3:a:proftpd:proftpd:1.2.7:rc2
  • ProFTPD 1.2.7 release candidate 3
    cpe:2.3:a:proftpd:proftpd:1.2.7:rc3
  • ProFTPD 1.2.6
    cpe:2.3:a:proftpd:proftpd:1.2.6
  • ProFTPD 1.2.7 release candidate 1
    cpe:2.3:a:proftpd:proftpd:1.2.7:rc1
  • ProFTPD 1.3.2
    cpe:2.3:a:proftpd:proftpd:1.3.2
  • ProFTPD 1.3.2 release candidate 4
    cpe:2.3:a:proftpd:proftpd:1.3.2:rc4
  • ProFTPD 1.3.3 release candidate 1
    cpe:2.3:a:proftpd:proftpd:1.3.3:rc1
  • ProFTPD 1.3.2a
    cpe:2.3:a:proftpd:proftpd:1.3.2:a
  • ProFTPD 1.3.2 release candidate 2
    cpe:2.3:a:proftpd:proftpd:1.3.2:rc2
  • ProFTPD 1.3.2 release candidate 1
    cpe:2.3:a:proftpd:proftpd:1.3.2:rc1
  • ProFTPD 1.3.3d
    cpe:2.3:a:proftpd:proftpd:1.3.3:d
  • ProFTPD 1.3.3c
    cpe:2.3:a:proftpd:proftpd:1.3.3:c
CVSS
Base: 5.0 (as of 14-03-2011 - 09:56)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  Vector NETWORK
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability PARTIAL
exploit-db via4
description ProFTPD mod_sftp - Integer Overflow DoS PoC. CVE-2011-1137. DoS exploit for Linux platform
file exploits/linux/dos/16129.txt
id EDB-ID:16129
last seen 2016-02-01
modified 2011-02-07
platform linux
port
published 2011-02-07
reporter kingcope
source https://www.exploit-db.com/download/16129/
title ProFTPD mod_sftp - Integer Overflow DoS PoC
type dos
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-5098.NASL
    description The second release candidate for proftpd 1.3.4. This includes fixes for a number of security issues : - Plaintext command injection vulnerability in FTPS implementation - Badly formed SSH messages cause DoS - Limit recursion depth for untrusted regular expressions (#673040) The update also contains a large number of bug fixes over release candidate 1, plus new support for SSL session caching using memcached. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 53460
    published 2011-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53460
    title Fedora 15 : proftpd-1.3.4-0.8.rc2.fc15 (2011-5098)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201309-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-201309-15 (ProFTPD: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ProFTPD. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could possibly execute arbitrary code with the privileges of the process, perform man-in-the-middle attacks to spoof arbitrary SSL servers, cause a Denial of Service condition, or read and modify arbitrary files. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 70111
    published 2013-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70111
    title GLSA-201309-15 : ProFTPD: Multiple vulnerabilities
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2011-095-01.NASL
    description New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 53298
    published 2011-04-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53298
    title Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : proftpd (SSA:2011-095-01)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-5040.NASL
    description This update, to the current upstream maintenance release, fixes a large number of bugs (see NEWS for details), and also a couple of security issues : - Plaintext command injection vulnerability in FTPS implementation (i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for details. - CVE-2011-1137 (badly formed SSH messages cause DoS). See http://bugs.proftpd.org/show_bug.cgi?id=3586 for details. Other highlights include : - Display messages work properly again. - Performance improvements, especially during server startup/restarts. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 53459
    published 2011-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53459
    title Fedora 14 : proftpd-1.3.3e-1.fc14 (2011-5040)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-5033.NASL
    description This update, to the current upstream maintenance release, fixes a large number of bugs (see NEWS for details), and also a couple of security issues : - Plaintext command injection vulnerability in FTPS implementation (i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for details. - CVE-2011-1137 (badly formed SSH messages cause DoS). See http://bugs.proftpd.org/show_bug.cgi?id=3586 for details. Other highlights include : - Display messages work properly again. - Performance improvements, especially during server startup/restarts. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 53458
    published 2011-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53458
    title Fedora 13 : proftpd-1.3.3e-1.fc13 (2011-5033)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2185.NASL
    description It was discovered that an integer overflow in the SFTP file transfer module of the ProFTPD daemon could lead to denial of service. The oldstable distribution (lenny) is not affected.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 52600
    published 2011-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52600
    title Debian DSA-2185-1 : proftpd-dfsg - integer overflow
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-047.NASL
    description A vulnerability was discovered and corrected in proftpd : Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message (CVE-2011-1137). Additionally for Mandriva Linux 2010.0 proftpd was upgraded to the same version as in Mandriva Linux 2010.2. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 52729
    published 2011-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52729
    title Mandriva Linux Security Advisory : proftpd (MDVSA-2011:047)
  • NASL family FTP
    NASL id PROFTPD_1_3_4_RC2.NASL
    description The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is earlier than 1.3.4rc2 and is affected by a Denial of Service vulnerability in the mod_sftp module.
    last seen 2019-02-21
    modified 2018-02-13
    plugin id 106753
    published 2018-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106753
    title ProFTPD < 1.3.4rc2 client-hostname restriction bypass
refmap via4
bid 46183
confirm
debian DSA-2185
fedora
  • FEDORA-2011-5033
  • FEDORA-2011-5040
secunia
  • 43234
  • 43635
  • 43978
slackware SSA:2011-095-01
vupen
  • ADV-2011-0617
  • ADV-2011-0857
Last major update 06-09-2011 - 23:15
Published 11-03-2011 - 12:55