Bug#648373: [CVE-2011-4130] Use-after-free issue

Francesco P. Lovergine frankie at debian.org
Fri Nov 11 11:54:58 UTC 2011


tag 648373 + pending
tag 648373 + patch
thanks

On Thu, Nov 10, 2011 at 09:31:17PM +0100, Florian Weimer wrote:
> Package: proftpd-dfsg
> Version: 1.3.3a-6squeeze1
> Severity: grave
> Tags: security
> 
> A use-after-free issue has been discovered in ProFTPd:
> 
> <http://bugs.proftpd.org/show_bug.cgi?id=3711>
> 
> It seems that squeeze is vulnerable, too.  I haven't checked the code
> in lenny yet.
> 

I have 1.3.3a-6squeeze3 ready for squeeze with the required fix. 
Waiting for a secteam go signal, just in case.

-- 
Francesco P. Lovergine
-------------- next part --------------
#! /bin/sh /usr/share/dpatch/dpatch-run
## 3711.dpatch by Francesco Paolo Lovergine <frankie at debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.

@DPATCH@
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' proftpd-dfsg~/src/main.c proftpd-dfsg/src/main.c
--- proftpd-dfsg~/src/main.c	2011-11-11 12:23:30.000000000 +0100
+++ proftpd-dfsg/src/main.c	2011-11-11 12:39:53.000000000 +0100
@@ -706,6 +706,10 @@
       _dispatch(cmd, LOG_CMD_ERR, FALSE, NULL);
 
       pr_response_flush(&resp_err_list);
+
+      /* Restore any previous pool to the Response API. */
+      pr_response_set_pool(resp_pool);
+
       return success;
     }
 
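Review bot: the restore before "return success;" covers this one error exit only, and the hunk does not show where resp_pool is saved or which other returns follow the save. Since the reported problem is a use-after-free, every exit taken after the Response API pool has been switched needs the same pr_response_set_pool(resp_pool); call. Routing those exits through a single cleanup point would keep a later added return from skipping it. The dpatch header also still reads "## DP: No description." and should name CVE-2011-4130 and upstream bug 3711.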
@@ -761,6 +765,9 @@
         break;
 
       default:
+        /* Restore any previous pool to the Response API. */
+        pr_response_set_pool(resp_pool);
+
         errno = EINVAL;
         return -1;
     }
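Review bot: in this switch only the "default:" branch gets the restore; the case above it ends in "break;" and the hunk does not show whether the code after the switch also calls pr_response_set_pool(resp_pool); before it returns. Please confirm that path restores the pool as well. Keeping the call ahead of "errno = EINVAL;" is right, since a call made after the assignment could overwrite errno before "return -1;".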