Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in ProFTPd
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in ProFTPd
ID: 202305-03
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: Mi, 3. Mai 2023, 23:14
Referenzen: https://nvd.nist.gov/vuln/detail/CVE-2021-46854
Applikationen: ProFTPD

Originalnachricht

--===============1095772982836855290==
Content-Type: text/plain; charset="utf-8"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202305-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: ProFTPd: Memory Disclosure
Date: May 03, 2023
Bugs: #811495
ID: 202305-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in ProFTPd which could result in
memory disclosure.

Background
==========

ProFTPD is an advanced and very configurable FTP server.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-ftp/proftpd < 1.3.7c >= 1.3.7c

Description
===========

ProFTPd unconditionally sends passwords to Radius servers for
authentication in multiples of 16 bytes. If a password is not of a
length that is a multiple of 16 bytes, ProFTPd will read beyond the end
of the password string and send bytes beyond the end of the string
buffer.

Impact
======

Radius servers used for authentication can receive the contents of the
ProFTPd process' memory.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ProFTPd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.7c"

References
==========

[ 1 ] CVE-2021-46854
https://nvd.nist.gov/vuln/detail/CVE-2021-46854

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202305-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
--===============1095772982836855290==
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmRSJacACgkQFMQkOaVy
+9miHxAApgU8rktt75Tn0RVTvwg+rZmLpLlhXvZcMuZggeXC1zRi8UP5pLGAEaOY
PevxRZ5pg46A9ubLzi7IG7bcNKkfVQzHQEhtvoXE275ViVPicDzQC+NPka5XS8fL
AIAkTM1dQIfN5FPC5q3/mI1jWG/skiE6JFaS1JgQ4uGLeyfVDzUAINRlDbMljJTU
9dnpeKFfztx+Gr+ZIugGdrThhIX6gfapU6RzNcKOrZR044mNEt6v8pJwQcDAqOSQ
1XMgug5uEss8jHUF1de5oF7jKAzZKqcbJDvK9Bn2lRiFkk3amAIMWkXh83Y49yJQ
JZJcMOheQMcKCpkcjgVriPf1NC85znFrwFLTDwmC1Sq4u/zJjqRzmBBixQ0YKyRs
T5ztxMe+zlNsJU+s2q5o2T7Vxd8SaI+Ls2x3GsSn1AqDQBOyAivvHgTcWja/krSY
t8O6/hAlc0PhqGN6bK50igiSOL7kDn9pjQhC8JGtefhqXlawghcQV3JSfHaODpmK
O7bhlcUMSsT8LixNZOApD32RPnTMYtoZAqMBPLkmdHezOnRxz2MN0P7/oH0SINwf
eQD8e1BNPqc0kK/VlHXdnRmLxdQqb3Pdug48rlwmqbX1x72mr+utQo5R0cW3M2al
Y7zbmg67UGS+J42d3B9+4xSiCFK6bmqODkyYZttb+c7ArbIt/qU=
=GDra
-----END PGP SIGNATURE-----

--===============1095772982836855290==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung