Vulnerability CVE-2013-4359: Information

Description

Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.

Severity: MEDIUM (5.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2013-4359
Published: Oct. 1, 2013
Modified: Dec. 31, 2016
Error type identifier: CWE-189

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
proftpdsisyphus1.3.5-alt2.gita31d0ab1.3.8-alt0.2.ga3489a6c8ALT-PU-2015-1457-1144569Fixed
proftpdp101.3.5-alt2.gita31d0ab1.3.6-alt0.4.ga73dbfe3bALT-PU-2015-1457-1144569Fixed
proftpdp91.3.5-alt2.gita31d0ab1.3.6-alt0.4.ga73dbfe3bALT-PU-2015-1457-1144569Fixed
proftpdc10f11.3.5-alt2.gita31d0ab1.3.6-alt0.4.ga73dbfe3bALT-PU-2015-1457-1144569Fixed
proftpdc9f21.3.5-alt2.gita31d0ab1.3.8-alt0.2.ga3489a6c8ALT-PU-2015-1457-1144569Fixed
proftpdp111.3.5-alt2.gita31d0ab1.3.8-alt0.2.ga3489a6c8ALT-PU-2015-1457-1144569Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
[oss-security] 20130916 Re: CVE request: proftpd: mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication
  • Exploit
http://bugs.proftpd.org/show_bug.cgi?id=3973
  • Patch
http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/
  • Exploit
openSUSE-SU-2013:1563
    DSA-2767
      openSUSE-SU-2015:1031

          1. Configuration 1

            cpe:2.3:a:proftpd:proftpd:1.3.5:rc3:*:*:*:*:*:*
            cpe:2.3:a:proftpd:proftpd:1.3.4:d:*:*:*:*:*:*
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.5.3
        Back to top