Bug#616179: proftpd: mod_sftp integer overflow / CVE-2011-1137
henri at nerv.fi
Wed Mar 2 23:20:30 UTC 2011
Package: proftpd-basic
Version: 1.3.3a-6
Tags: security
Severity: grave
CVE-2011-1137 ("mod_sftp integer overflow") has been assigned to package proftpd-basic. Packages might be vulnerable. The security tracker should also be updated. This needs verifying.
References:
http://www.openwall.com/lists/oss-security/2011/03/02/5
http://bugs.proftpd.org/show_bug.cgi?id=3586
http://www.exploit-db.com/exploits/16129/
http://www.castaglia.org/proftpd/modules/mod_sftp.html
Best regards,
Henri Salo