stable

proftpd-1.3.5a-2.el7

FEDORA-EPEL-2015-0ec0c87b3a created by pghmcfc 10 years ago for Fedora EPEL 7

Part of the SFTP handshake involves "extensions", which are key/value pairs made up of strings. In SSH, strings are encoded for network transport as a 32-bit length followed by that many bytes. The mod_sftp module currently places no bounds or length limits on this SFTP extension key/value data when reading it from the network. An attacker might encode large values so that the server allocates more memory than is necessary, causing excessive resource usage or a crash of the FTP daemon.

This update limits the amount of memory allocated to handle these extensions.
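The kind of bounded read described above, as an added example that is not ProFTPD's or mod_sftp's own code: the 32-bit length is checked against a cap and against the bytes actually received before anything is allocated. The names `read_ext_string`, `read_extension` and the `EXT_MAX_LEN` value are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example only; not the value chosen by the ProFTPD fix. */
#define EXT_MAX_LEN 1024u

enum { EXT_OK = 0, EXT_TRUNCATED = -1, EXT_TOO_LONG = -2, EXT_NOMEM = -3 };

/* Read one SSH string (uint32 big-endian length, then that many bytes) from
 * *buf, advancing *buf and *remaining on success. *out is a NUL-terminated
 * copy owned by the caller. The length is validated before any allocation. */
int read_ext_string(const uint8_t **buf, size_t *remaining,
                    char **out, uint32_t *out_len)
{
    if (*remaining < 4)
        return EXT_TRUNCATED;
    const uint8_t *p = *buf;
    uint32_t len = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                   ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    if (len > EXT_MAX_LEN)        /* policy bound on peer-chosen sizes */
        return EXT_TOO_LONG;
    if (len > *remaining - 4)     /* claimed length exceeds bytes received */
        return EXT_TRUNCATED;
    char *s = malloc((size_t)len + 1);
    if (s == NULL)
        return EXT_NOMEM;
    memcpy(s, p + 4, len);
    s[len] = '\0';
    *out = s;
    *out_len = len;
    *buf = p + 4 + len;
    *remaining -= 4 + (size_t)len;
    return EXT_OK;
}

/* Read one key/value extension pair; frees the key if the value is rejected. */
int read_extension(const uint8_t **buf, size_t *remaining, char **key, char **val)
{
    uint32_t klen, vlen;
    int rc = read_ext_string(buf, remaining, key, &klen);
    if (rc != EXT_OK)
        return rc;
    rc = read_ext_string(buf, remaining, val, &vlen);
    if (rc != EXT_OK) {
        free(*key);
        *key = NULL;
    }
    return rc;
}
```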

This update has been submitted for testing by pghmcfc.

10 years ago

This update has been pushed to testing.

10 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes.

10 years ago

This update has been submitted for stable by pghmcfc.

10 years ago

This update has been pushed to stable.

10 years ago

Metadata
Type: security
Karma: 0
Signed
Content Type: RPM
Test Gating
Autopush Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled
Dates
submitted: 10 years ago
in testing: 10 years ago
in stable: 10 years ago
BZ#1286977 proftpd: unbounded SFTP extended attribute key/values
0
0
BZ#1286979 proftpd: unbounded SFTP extended attribute key/values [epel-all]
0
0