Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-795-1:6B170
HistorySep 02, 2005 - 1:50 a.m.

[SECURITY] [DSA 795-1] New proftpd packages fix format string vulnerability

2005-09-0201:50:47
lists.debian.org
7

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

JSON

Debian Security Advisory DSA 795-1 [email protected]
http://www.debian.org/security/ Michael Stone
September 1st, 2005 http://www.debian.org/security/faq

Package : proftpd
Vulnerability : potential code execution
Problem-Type : format string error
Debian-specific: no
CVE ID : CAN-2005-2390

infamous42md reported that proftpd suffers from two format string
vulnerabilities. In the first, a user with the ability to create a
directory could trigger the format string error if there is a
proftpd shutdown message configured to use the "%C", "%R", or "%U"
variables. In the second, the error is triggered if mod_sql is used
to retrieve messages from a database and if format strings have been
inserted into the database by a user with permission to do so.

The old stable distribution (woody) is not affected by these
vulnerabilities.

For the stable distribution (sarge) this problem has been fixed in
version 1.2.10-15sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 1.2.10-20.

We recommend that you upgrade your proftpd package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10.orig.tar.gz
  Size/MD5 checksum:   920495 7d2bc5b4b1eef459a78e55c027a4f3c4
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1.dsc
  Size/MD5 checksum:      897 1a728465d7d40d224e457809a06bc99c
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1.diff.gz
  Size/MD5 checksum:   127095 88f227abf247ed988fc35203d4108802

Architecture independent packages:

http://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.10-15sarge1_all.deb
  Size/MD5 checksum:   417460 ffde86a53bcc329f806d1014478730d0

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_alpha.deb
  Size/MD5 checksum:   444400 f07ac7db8a9c2745de8f9cab76cdb3c4
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_alpha.deb
  Size/MD5 checksum:   457288 92100f9ba762c52d715c1f56f51f70a1
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_alpha.deb
  Size/MD5 checksum:   476538 dc6f68d4dec57fb3646e15ca98e78d4a
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_alpha.deb
  Size/MD5 checksum:   200800 ac5d323b2501c4396afd80ef0fb15c7f
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_alpha.deb
  Size/MD5 checksum:   476842 5caa3a66575ae253d0ce1df399d2c145

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_amd64.deb
  Size/MD5 checksum:   194542 dff3b3414b99189ea8a9f8d119109d47
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_amd64.deb
  Size/MD5 checksum:   388576 e197f0eb6340706bb998872c0ea32949
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_amd64.deb
  Size/MD5 checksum:   415108 906cf04f3eed0c5164f71bc22b6b7e01
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_amd64.deb
  Size/MD5 checksum:   414970 a7baba4ba0bdd13548e6e28c4825a83f
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_amd64.deb
  Size/MD5 checksum:   399826 a026b6c75ea587df68fbd1466adc1a2d

arm architecture (ARM)

http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_arm.deb
  Size/MD5 checksum:   188762 0740654ff6aedc7e96a8c3dfbbd2d315
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_arm.deb
  Size/MD5 checksum:   384080 1befd34e95a59132a071e3f9954eb6c4
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_arm.deb
  Size/MD5 checksum:   398882 f4d78c3f50080f238407945718b45567
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_arm.deb
  Size/MD5 checksum:   373788 bf67d85da87abfe27c7bf42cf2833b91
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_arm.deb
  Size/MD5 checksum:   398776 b25b17e7f6bf86234865896bafa84678

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_hppa.deb
  Size/MD5 checksum:   194488 8267bb5ad6c70238fcebf3fb4035dace
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_hppa.deb
  Size/MD5 checksum:   403606 7dfe73131c34dc3e55c729bbc59f1252
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_hppa.deb
  Size/MD5 checksum:   431726 42c9d2d7d190e0ccaafcdb44e31536f5
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_hppa.deb
  Size/MD5 checksum:   431410 1aaf5d6855318e067640969095d8e96c
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_hppa.deb
  Size/MD5 checksum:   414794 8ebec69081b2c56b56a532db0ce504fb

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_i386.deb
  Size/MD5 checksum:   397122 c629a1bf4982b085d05be740052cfa67
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_i386.deb
  Size/MD5 checksum:   396966 f67e8ec673c483fd3aa90f917595a250
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_i386.deb
  Size/MD5 checksum:   189470 8f024068171ca297064f29e58bc51b33
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_i386.deb
  Size/MD5 checksum:   381756 5355604f7b1625db02a3f68d97eff290
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_i386.deb
  Size/MD5 checksum:   371622 1a26e468fef7b863f30bf2b1fe7df817

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_ia64.deb
  Size/MD5 checksum:   207014 acacffe75c737005bb6c9d9bd63f091b
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_ia64.deb
  Size/MD5 checksum:   535252 ed7479cef8bc9777c5f11223779896d0
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_ia64.deb
  Size/MD5 checksum:   519678 0217f6bd617282f1e8d9e598f86f83aa
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_ia64.deb
  Size/MD5 checksum:   562122 2fbccb31b331c17609d5e4fdf517416a
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_ia64.deb
  Size/MD5 checksum:   562312 5084eb589b099cfd51759557ce8fd21b

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_m68k.deb
  Size/MD5 checksum:   332318 a61dd073f2f9a4697d254b8e7fb48a14
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_m68k.deb
  Size/MD5 checksum:   353102 1e24565274060aeeafb77a756f31f212
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_m68k.deb
  Size/MD5 checksum:   340938 7afb5724e4caf150b6f5102c34c3c1d6
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_m68k.deb
  Size/MD5 checksum:   352770 ed92f153968e58aa200df1ef2888afba
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_m68k.deb
  Size/MD5 checksum:   187180 764673a0052a9b2b39e94076d764e2bb

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_mips.deb
  Size/MD5 checksum:   382426 aee4a0de1997e66fb89f3a8b964e716a
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_mips.deb
  Size/MD5 checksum:   406442 e45275b4fbc4479ffd60849efb79d067
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_mips.deb
  Size/MD5 checksum:   201640 879687be2b57e8dcc90a8ea1158393ad
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_mips.deb
  Size/MD5 checksum:   406224 5e522fc33f697d5dbd4df431c0cc9790
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_mips.deb
  Size/MD5 checksum:   391930 08faf62b0089f29bd019866911c699e1

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_mipsel.deb
  Size/MD5 checksum:   201838 239a8377c0a5b2940afe2cf5b86bdaf2
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_mipsel.deb
  Size/MD5 checksum:   409472 378d91ea943ff489ed38b49d60e84b76
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_mipsel.deb
  Size/MD5 checksum:   384264 dfd8fa9d98bdcda752dc1cf7a88f6582
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_mipsel.deb
  Size/MD5 checksum:   393384 ce795b5aa745c5d412c39814a5a8a427
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_mipsel.deb
  Size/MD5 checksum:   409220 a84d6673ece2d89d4e28f39279f2914e

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_powerpc.deb
  Size/MD5 checksum:   384498 492efa6567a3f8e13b019c7fb05f160e
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_powerpc.deb
  Size/MD5 checksum:   411728 2073ec04cf38a1449d4a350c3e55f16f
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_powerpc.deb
  Size/MD5 checksum:   412074 f07eb73d8f40955facf41d2d52d67da2
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_powerpc.deb
  Size/MD5 checksum:   195382 c6079a29a73a585f060c1ee6037cb93f
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_powerpc.deb
  Size/MD5 checksum:   395084 23ec082a6c703f517b3d9fa68ec42d9b

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_s390.deb
  Size/MD5 checksum:   193006 1e52c1da9c58b290978b7935a9d58770
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_s390.deb
  Size/MD5 checksum:   379632 b7ecd26925dd5bf9a69f24e33dd55184
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_s390.deb
  Size/MD5 checksum:   390112 814e21080d6d95cea596a8dc5747e29f
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_s390.deb
  Size/MD5 checksum:   403740 8426f8d4d195c1d51dd568249cb61619
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_s390.deb
  Size/MD5 checksum:   403984 89ff426837c5b0dbfed07f88700f619c

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_sparc.deb
  Size/MD5 checksum:   394824 4b17a185fb614e83739fd7cdc711b63a
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_sparc.deb
  Size/MD5 checksum:   379428 5f182cf8e0303797c78f65f6aa8704a9
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_sparc.deb
  Size/MD5 checksum:   369734 a75df8c75998eae366a2200516eaf01f
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_sparc.deb
  Size/MD5 checksum:   189018 c30ff0d36b2f68fc795f25efb128dd20
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_sparc.deb
  Size/MD5 checksum:   394700 9a8eb46038f3086f04daef31fea9b821

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian3.1powerpcproftpd< 1.2.10-15sarge1proftpd_1.2.10-15sarge1_powerpc.deb
Debian3.1ia64proftpd< 1.2.10-15sarge1proftpd_1.2.10-15sarge1_ia64.deb
Debian3.1armproftpd-common< 1.2.10-15sarge1proftpd-common_1.2.10-15sarge1_arm.deb
Debian3.1sparcproftpd< 1.2.10-15sarge1proftpd_1.2.10-15sarge1_sparc.deb
Debian3.1i386proftpd-ldap< 1.2.10-15sarge1proftpd-ldap_1.2.10-15sarge1_i386.deb
Debian3.1s390proftpd-pgsql< 1.2.10-15sarge1proftpd-pgsql_1.2.10-15sarge1_s390.deb
Debian3.1powerpcproftpd-common< 1.2.10-15sarge1proftpd-common_1.2.10-15sarge1_powerpc.deb
Debian3.1mipsproftpd-pgsql< 1.2.10-15sarge1proftpd-pgsql_1.2.10-15sarge1_mips.deb
Debian3.1armproftpd< 1.2.10-15sarge1proftpd_1.2.10-15sarge1_arm.deb
Debian3.1amd64proftpd-pgsql< 1.2.10-15sarge1proftpd-pgsql_1.2.10-15sarge1_amd64.deb
Rows per page:
1-10 of 621

Related

nessus 5
ubuntucve 1
cve 1
openvas 6
gentoo 1
debian 3
freebsd 1
nessus
nessus
ProFTPD < 1.3.0rc2 Multiple Remote Format Strings
2005-07-27 00:00:00
Mandrake Linux Security Advisory : proftpd (MDKSA-2005:140)
2005-10-05 00:00:00
FreeBSD : proftpd -- format string vulnerabilities (c28f4705-043f-11da-bc08-0001020eed82)
2006-05-13 00:00:00
ubuntucve
ubuntucve
CVE-2005-2390
2005-07-27 00:00:00
cve
cve
CVE-2005-2390
2005-07-27 04:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200508-02 (proftpd)
2008-09-24 00:00:00
Debian Security Advisory DSA 795-2 (proftpd)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200508-02 (proftpd)
2008-09-24 00:00:00
gentoo
gentoo
ProFTPD: Format string vulnerabilities
2005-08-01 00:00:00
debian
debian
[SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability
2005-09-03 01:28:34
[SECURITY] [DSA 795-1] New proftpd packages fix format string vulnerability
2005-09-02 01:50:47
[SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability
2005-09-03 01:28:34
freebsd
freebsd
proftpd -- format string vulnerabilities
2005-07-26 00:00:00

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

JSON
Related for DEBIAN:DSA-795-1:6B170
nessus5ubuntucve1cve1openvas6gentoo1debian3freebsd1