Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2011-1137

Published: 11/03/2011 Updated: 07/09/2011
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Proftpd

Vulnerability Summary

Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and previous versions allows remote malicious users to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.

Vulnerable Product Search on Vulmon Subscribe to Product

proftpd proftpd 1.3.1

proftpd proftpd 1.3.2

proftpd proftpd 1.3.0

proftpd proftpd 1.3.3

proftpd proftpd 1.2.2

proftpd proftpd 1.2.0

proftpd proftpd 1.2.8

proftpd proftpd 1.2.9

proftpd proftpd 1.2.5

proftpd proftpd 1.2.7

proftpd proftpd 1.2.10

proftpd proftpd 1.2.4

proftpd proftpd 1.2.6

proftpd proftpd 1.2.1

proftpd proftpd

proftpd proftpd 1.2.3

Vendor Advisories

Debian CVElist Bug Report Logs: proftpd: mod_sftp integer overflow / CVE-2011-1137
Debian Bug report logs - #616179 proftpd: mod_sftp integer overflow / CVE-2011-1137 Package: proftpd-basic; Maintainer for proftpd-basic is ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-listsdebiannet>; Source for proftpd-basic is src:proftpd-dfsg (PTS, buildd, popcon) Reported by: henri@nervfi Date: Wed, 2 ...
Debian Security Advisories: DSA-2185-1 proftpd-dfsg -- integer overflow
It was discovered that an integer overflow in the SFTP file transfer module of the ProFTPD daemon could lead to denial of service The oldstable distribution (lenny) is not affected For the stable distribution (squeeze), this problem has been fixed in version 133a-6squeeze1 For the unstable distribution (sid), this problem has been fixed in ver ...

Exploits

Exploit DB: ProFTPd - 'mod_sftp' Integer Overflow Denial of Service (PoC)
#ProFTPD mod_sftp Integer Overflow #by Kingcope #reference: wwwcastagliaorg/proftpd/modules/mod_sftphtml # Exploit Title: ProFTPD mod_sftp Integer Overflow # Date: 7 February 2011 # Author: Kingcope # Software Link: wwwcastagliaorg/proftpd/modules/mod_sftphtml # Tested on: Centos 55 #Program received signal SIGSEGV, Segmentat ...

References

CWE-189http://www.vupen.com/english/advisories/2011/0617https://bugzilla.redhat.com/show_bug.cgi?id=681718http://bugs.proftpd.org/show_bug.cgi?id=3587http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2http://bugs.proftpd.org/show_bug.cgi?id=3586http://secunia.com/advisories/43234http://www.debian.org/security/2011/dsa-2185http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1http://www.exploit-db.com/exploits/16129/http://www.securityfocus.com/bid/46183http://secunia.com/advisories/43635http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058344.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-April/058356.htmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.485806http://secunia.com/advisories/43978http://www.vupen.com/english/advisories/2011/0857https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616179https://nvd.nist.govhttps://www.exploit-db.com/exploits/16129/https://www.debian.org/security/./dsa-2185
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook