ID CVE-2013-4359
Summary Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5rc3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in a keyboard-interactive authentication request, which triggers a large memory allocation before the count is validated against the prompts the server actually sent.
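The pattern behind this summary, as an added example that is not ProFTPD's code: a minimal model of a server parsing an SSH keyboard-interactive SSH_MSG_USERAUTH_INFO_RESPONSE (RFC 4256: message type 61, a uint32 response count, then that many length-prefixed strings). The vulnerable form sizes an allocation from the peer-supplied count in 32-bit arithmetic; the hardened form refuses the message before allocating unless the count matches the number of prompts sent and is under a fixed cap. MAX_KBDINT_RESPONSES, the function names and the sample messages are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not ProFTPD's code. Models SSH_MSG_USERAUTH_INFO_RESPONSE
 * (RFC 4256, type 61): uint32 num-responses, then num-responses strings,
 * each a uint32 length followed by that many bytes.
 * MAX_KBDINT_RESPONSES is an assumed server-side cap for this example. */
#define SSH_MSG_USERAUTH_INFO_RESPONSE 61
#define MAX_KBDINT_RESPONSES 16u

static int read_u32(const uint8_t *buf, size_t len, size_t *off, uint32_t *out) {
    if (len - *off < 4) return -1;
    *out = ((uint32_t)buf[*off] << 24) | ((uint32_t)buf[*off + 1] << 16) |
           ((uint32_t)buf[*off + 2] << 8) | (uint32_t)buf[*off + 3];
    *off += 4;
    return 0;
}

/* Vulnerable pattern: allocation size derived from the peer-supplied count in
 * 32-bit arithmetic. 0x80000001 * sizeof(char *) wraps to sizeof(char *), so a
 * loop over resp_count later writes far past the buffer; where the product does
 * not wrap, the request instead forces a multi-gigabyte allocation (the
 * memory-consumption DoS the advisory describes). */
uint32_t vuln_alloc_size(uint32_t resp_count) {
    return resp_count * (uint32_t)sizeof(char *);
}

/* Hardened parser: rejects before allocating unless the count equals the number
 * of prompts the server sent, is under the cap, and every string fits in the
 * remaining bytes. Returns 0 and fills *out/*out_count on success, -1 otherwise. */
int safe_parse_responses(const uint8_t *msg, size_t len, uint32_t expected,
                         char ***out, uint32_t *out_count) {
    size_t off;
    uint32_t count, i;
    char **resps;

    if (len < 1 || msg[0] != SSH_MSG_USERAUTH_INFO_RESPONSE) return -1;
    off = 1;
    if (read_u32(msg, len, &off, &count) != 0) return -1;
    if (count != expected || count > MAX_KBDINT_RESPONSES) return -1;
    /* Each string needs at least its 4-byte length prefix. */
    if ((size_t)count * 4 > len - off) return -1;

    resps = calloc(count, sizeof(char *));   /* count is now small and bounded */
    if (resps == NULL) return -1;
    for (i = 0; i < count; i++) {
        uint32_t slen;
        if (read_u32(msg, len, &off, &slen) != 0 || slen > len - off) goto fail;
        resps[i] = malloc((size_t)slen + 1);
        if (resps[i] == NULL) goto fail;
        memcpy(resps[i], msg + off, slen);
        resps[i][slen] = '\0';
        off += slen;
    }
    if (off != len) goto fail;   /* trailing bytes mean a malformed message */
    *out = resps;
    *out_count = count;
    return 0;
fail:
    for (i = 0; i < count; i++) free(resps[i]);   /* unfilled slots are NULL */
    free(resps);
    return -1;
}

void free_responses(char **resps, uint32_t count) {
    for (uint32_t i = 0; i < count; i++) free(resps[i]);
    free(resps);
}

/* Constructed messages for demonstration, not captured traffic. */
static const uint8_t good_msg[] = {
    61, 0, 0, 0, 2,
    0, 0, 0, 5, 'a', 'l', 'i', 'c', 'e',
    0, 0, 0, 6, 's', '3', 'c', 'r', 'e', 't'
};
static const uint8_t hostile_msg[] = { 61, 0x80, 0x00, 0x00, 0x01 };

int main(void) {
    char **r; uint32_t n;
    printf("vulnerable alloc size for count 0x80000001: %u bytes\n",
           vuln_alloc_size(0x80000001u));
    printf("hostile message accepted: %s\n",
           safe_parse_responses(hostile_msg, sizeof hostile_msg, 2, &r, &n) == 0 ? "yes" : "no");
    if (safe_parse_responses(good_msg, sizeof good_msg, 2, &r, &n) == 0) {
        printf("good message: %u responses, first=%s\n", n, r[0]);
        free_responses(r, n);
    }
    return 0;
}
```

The check that matters is the comparison against `expected`: a keyboard-interactive client can only legitimately answer the prompts the server issued, so any count that differs is malformed and can be dropped before it influences an allocation size.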
References
Vulnerable Configurations
  • cpe:2.3:a:proftpd:proftpd:1.3.4:d:*:*:*:*:*:*
  • cpe:2.3:a:proftpd:proftpd:1.3.5:rc3:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 31-12-2016 - 02:59)
CWE CWE-189 (Numeric Errors)
Access: Vector NETWORK, Complexity LOW, Authentication NONE
Impact: Confidentiality NONE, Integrity NONE, Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm http://bugs.proftpd.org/show_bug.cgi?id=3973
debian DSA-2767
misc http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/
mlist [oss-security] 20130916 Re: CVE request: proftpd: mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication
suse
  • openSUSE-SU-2013:1563
  • openSUSE-SU-2015:1031
Last major update 31-12-2016 - 02:59
Published 30-09-2013 - 21:55