Sicherheit: Mangelnde Rechteprüfung in ProFTPD
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in ProFTPD
ID: FEDORA-2015-6401
Distribution: Fedora
Plattformen: Fedora 20
Datum: So, 3. Mai 2015, 20:30
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306
Applikationen: ProFTPD


Name        : proftpd
Product : Fedora 20
Version : 1.3.4e
Release : 3.fc20
URL : http://www.proftpd.org/
Summary : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based

This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by xinetd instead are included.

Update Information:

Vadim Melihow reported a critical issue with proftpd installations that use the
mod_copy module's SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by *unauthenticated clients*

Upstream report:

This update contains a backported fix for this issue.

Note that mod_copy is not loaded/enabled by default in the Fedora package.

* Thu Apr 23 2015 Paul Howarth <paul@city-fan.org> - 1.3.4e-3
- Fix failure to load mod_copy by removing references to function that has not
been backported
* Wed Apr 15 2015 Paul Howarth <paul@city-fan.org> - 1.3.4e-2
- Unauthenticated copying of files via SITE CPFR/CPTO was allowed by mod_copy
(CVE-2015-3306, http://bugs.proftpd.org/show_bug.cgi?id=4169)
- Fix wrong size in memset in mod_sftp_pam causing compiler warning
* Mon Feb 16 2015 Paul Howarth <paul@city-fan.org> - 1.3.4e-1
- Update to 1.3.4e
- Fixed numerous upstream-reported bugs:
- Spurious log messages at session close (bug 3945)
- LogFormat %f variable not resolved properly for SFTP renames (bug 3947)
- mod_delay allows too-large values, leading to client hang on
authentication (bug 3858)
- Null pointer dereference for mod_ldap logins when LDAPDefaultAuthScheme
not configured (bug 3951)
- scp downloads result in segfault (bug 3954)
- ProFTPD configuration with thousands of <Directory>/<Limit>
leads to slow logins (bug 3957)
- mod_sftp does not honor <Directory>/<Limit> sections when
symlinks are
involved (bug 3959)
- Directory creation does not honor single-parameter Umask setting
(bug 3958)
- Directory creation fails (chmod(2) EPERM) when root privs are used in
some cases (bug 3962)
- Authentication error on Cygwin due to bad code (bug 3972)
- mod_sftp can be forced to allocate too much memory for
keyboard-interactive authentication (bug 3973, CVE-2013-4359)
- PathDenyFilter directive does not work as expected for SFTP sessions
(bug 3974)
- Improve permission setting when creating directories (bug 3963)
- Null pointer dereference in mod_exec with ExecOption useStdin (bug 3981)
- Support filesystems that do not support chmod(2)/chown(2), e.g. FAT/ExFAT
(bug 3986)
- SSL session caching modules use incorrect OpenSSL cache mode flags,
breaking session caching (bug 3991)
- ProFTPD should not use fd 2 (stderr) for files (bug 3970)
- RSA signature issue when connecting using PuTTY/WinSCP (bug 3992)
- mod_sftp fails key exchange for 8192-bit DH group (bug 4001)
- IgnoreSCPUploadPerms SFTPOption not honored properly for SCP directory
upload (bug 4004)
- RADIUS "service-type" attribute encoded with wrong length on
system (bug 4006)
- SCP upload of shorter file does not completely overwrite existing file of
same name (bug 4013)
- "Directory not empty" error when creating directory is misleading
(bug 4022)
- Restarting proftpd with mod_sftp fails due to permissions on SFTPHostKey
file (bug 4032)
- SSH publickey authentication fails with "MaxLoginAttempts 1" (bug
- ALLO command failed because of bad size check (bug 4046)
- Race condition in mod_ban can lead to segfault of all new connections
(bug 4048)
- MIC command between RNFR and RNTO should not be rejected (bug 4042)
- mod_facl prevents a normal SIGHUP reload (bug 4044)
- Drop patches for issues resolved in new upstream release
- Anonymous upload directory specification needs to be slightly different if
mod_vroot is in use (#1045922)
- Backport some changes from upstream's 1.3.5 release to get the API tests
- Use %license where possible
* Fri Dec 20 2013 Paul Howarth <paul@city-fan.org> 1.3.4d-5
- Fix support for 8192-bit DH parameters (#1044586)
- Add 3072-bit and 7680-bit DH parameters (upstream bug 4002)

[ 1 ] Bug #1212386 - CVE-2015-3306 proftpd: unauthenticated copying of files
via SITE CPFR/CPTO allowed by mod_copy

This update can be installed with the "yum" update program. Use
su -c 'yum update proftpd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Facebook
Neue Nachrichten