CVE-2005-4816: Buffer overflow in mod_radius in ProFTPD

Related Vulnerabilities: CVE-2005-4816  

Debian Bug report logs - #404751


Package: proftpd; Maintainer for proftpd is (unknown);

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Wed, 27 Dec 2006 23:48:01 UTC

Severity: grave

Tags: security

Found in version 1.2.10-15sarge3

Fixed in version 1.3.10-1

Done: "Francesco P. Lovergine" <frankie@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Francesco Paolo Lovergine <frankie@debian.org>:
Bug#404751; Package proftpd.


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Francesco Paolo Lovergine <frankie@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2005-4816: Buffer overflow in mod_radius in ProFTPD
Date: Thu, 28 Dec 2006 00:37:24 +0100
Package: proftpd
Version: 1.2.10-15sarge3
Severity: grave
Tags: security
Justification: user security hole

According to 

http://www.securityfocus.com/bid/16535

the proftpd in sarge is still vulnerable to CVE-2005-4816:

Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a long password.



Information forwarded to debian-bugs-dist@lists.debian.org, Francesco Paolo Lovergine <frankie@debian.org>:
Bug#404751; Package proftpd.


Acknowledgement sent to "Francesco P. Lovergine" <frankie@debian.org>:
Extra info received and forwarded to list. Copy sent to Francesco Paolo Lovergine <frankie@debian.org>.


Message #10 received at 404751@bugs.debian.org:

From: "Francesco P. Lovergine" <frankie@debian.org>
To: Stefan Fritsch <sf@sfritsch.de>, 404751@bugs.debian.org
Subject: Re: Bug#404751: CVE-2005-4816: Buffer overflow in mod_radius in ProFTPD
Date: Thu, 28 Dec 2006 09:25:11 +0100
tags 404751 + sarge
thanks

On Thu, Dec 28, 2006 at 12:37:24AM +0100, Stefan Fritsch wrote:
> Package: proftpd
> Version: 1.2.10-15sarge3
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> According to 
> 
> http://www.securityfocus.com/bid/16535
> 
> the proftpd in sarge is still vulnerable to CVE-2005-4816:
> 
> Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote
> attackers to cause a denial of service (crash) and possibly execute
> arbitrary code via a long password.

-- 
Francesco P. Lovergine



Reply sent to "Francesco P. Lovergine" <frankie@debian.org>:
You have taken responsibility.


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.


Message #15 received at 404751-done@bugs.debian.org:

From: "Francesco P. Lovergine" <frankie@debian.org>
To: Stefan Fritsch <sf@sfritsch.de>, 404751-done@bugs.debian.org
Subject: Re: Bug#404751: CVE-2005-4816: Buffer overflow in mod_radius in ProFTPD
Date: Thu, 28 Dec 2006 09:32:26 +0100
Package: proftpd
Version: 1.3.10-1

Solved in >= 1.3.0 

On Thu, Dec 28, 2006 at 12:37:24AM +0100, Stefan Fritsch wrote:
> Package: proftpd
> Version: 1.2.10-15sarge3
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> According to 
> 
> http://www.securityfocus.com/bid/16535
> 
> the proftpd in sarge is still vulnerable to CVE-2005-4816:
> 
> Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote
> attackers to cause a denial of service (crash) and possibly execute
> arbitrary code via a long password.

-- 
Francesco P. Lovergine



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 20:14:35 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:43:33 2019; Machine Name: buxtehude
