Lucene search

[email protected]NVD:CVE-2011-1137

HistoryMar 11, 2011 - 5:55 p.m.

CVE-2011-1137

2011-03-1117:55:03

CWE-189

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.067 Low

EPSS

Percentile

93.9%

JSON

Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.

Affected configurations

NVD

Node

proftpdproftpdRange≤1.3.3d

proftpdproftpdMatch1.2.0

proftpdproftpdMatch1.2.0pre10

proftpdproftpdMatch1.2.0pre9

proftpdproftpdMatch1.2.0rc1

proftpdproftpdMatch1.2.0rc2

proftpdproftpdMatch1.2.0rc3

proftpdproftpdMatch1.2.1

proftpdproftpdMatch1.2.2

proftpdproftpdMatch1.2.2rc1

proftpdproftpdMatch1.2.2rc2

proftpdproftpdMatch1.2.2rc3

proftpdproftpdMatch1.2.3

proftpdproftpdMatch1.2.4

proftpdproftpdMatch1.2.5

proftpdproftpdMatch1.2.5rc1

proftpdproftpdMatch1.2.5rc2

proftpdproftpdMatch1.2.5rc3

proftpdproftpdMatch1.2.6

proftpdproftpdMatch1.2.6rc1

proftpdproftpdMatch1.2.6rc2

proftpdproftpdMatch1.2.7

proftpdproftpdMatch1.2.7rc1

proftpdproftpdMatch1.2.7rc2

proftpdproftpdMatch1.2.7rc3

proftpdproftpdMatch1.2.8

proftpdproftpdMatch1.2.8rc1

proftpdproftpdMatch1.2.8rc2

proftpdproftpdMatch1.2.9

proftpdproftpdMatch1.2.9rc1

proftpdproftpdMatch1.2.9rc2

proftpdproftpdMatch1.2.9rc3

proftpdproftpdMatch1.2.10

proftpdproftpdMatch1.2.10rc1

proftpdproftpdMatch1.2.10rc2

proftpdproftpdMatch1.2.10rc3

proftpdproftpdMatch1.3.0

proftpdproftpdMatch1.3.0a

proftpdproftpdMatch1.3.0rc1

proftpdproftpdMatch1.3.0rc2

proftpdproftpdMatch1.3.0rc3

proftpdproftpdMatch1.3.0rc4

proftpdproftpdMatch1.3.0rc5

proftpdproftpdMatch1.3.1

proftpdproftpdMatch1.3.1rc1

proftpdproftpdMatch1.3.1rc2

proftpdproftpdMatch1.3.1rc3

proftpdproftpdMatch1.3.2

proftpdproftpdMatch1.3.2a

proftpdproftpdMatch1.3.2b

proftpdproftpdMatch1.3.2c

proftpdproftpdMatch1.3.2d

proftpdproftpdMatch1.3.2e

proftpdproftpdMatch1.3.2rc1

proftpdproftpdMatch1.3.2rc2

proftpdproftpdMatch1.3.2rc3

proftpdproftpdMatch1.3.2rc4

proftpdproftpdMatch1.3.3

proftpdproftpdMatch1.3.3a

proftpdproftpdMatch1.3.3b

proftpdproftpdMatch1.3.3c

proftpdproftpdMatch1.3.3rc1

proftpdproftpdMatch1.3.3rc2

proftpdproftpdMatch1.3.3rc3

proftpdproftpdMatch1.3.3rc4

References

bugs.proftpd.org/show_bug.cgi?id=3586

bugs.proftpd.org/show_bug.cgi?id=3587

lists.fedoraproject.org/pipermail/package-announce/2011-April/058344.html

lists.fedoraproject.org/pipermail/package-announce/2011-April/058356.html

proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2

proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3

proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1

secunia.com/advisories/43234

secunia.com/advisories/43635

secunia.com/advisories/43978

slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.485806

www.debian.org/security/2011/dsa-2185

www.exploit-db.com/exploits/16129/

www.securityfocus.com/bid/46183

www.vupen.com/english/advisories/2011/0617

www.vupen.com/english/advisories/2011/0857

bugzilla.redhat.com/show_bug.cgi?id=681718

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.067 Low

EPSS

Percentile

93.9%

JSON

Related for NVD:CVE-2011-1137

cve1 nessus8 slackware1 openvas11 cvelist1 debiancve1 prion1 debian1 ubuntucve1 securityvulns2 fedora4 gentoo1