Upstream information

CVE-2013-4359 at MITRE

Description

Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores

                        National Vulnerability Database
Base Score              5
Vector                  AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector           Network
Access Complexity       Low
Authentication          None
Confidentiality Impact  None
Integrity Impact        None
Availability Impact     Partial

SUSE Bugzilla entry: 843444 [RESOLVED / FIXED]

SUSE Security Advisories:

    openSUSE-SU-2013:1563-1
    openSUSE-SU-2015:1031-1

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • proftpd >= 1.3.5b-2.5
  • proftpd-devel >= 1.3.5b-2.5
  • proftpd-doc >= 1.3.5b-2.5
  • proftpd-lang >= 1.3.5b-2.5
  • proftpd-ldap >= 1.3.5b-2.5
  • proftpd-mysql >= 1.3.5b-2.5
  • proftpd-pgsql >= 1.3.5b-2.5
  • proftpd-radius >= 1.3.5b-2.5
  • proftpd-sqlite >= 1.3.5b-2.5
Patchnames:
openSUSE Tumbleweed GA proftpd-1.3.5b-2.5


SUSE Timeline for this CVE

CVE page created: Wed Sep 18 06:16:09 2013
CVE page last modified: Thu Dec 7 13:06:31 2023