 |
ProFTPD CommandBufferSize远程拒绝服务漏洞 |
|
|
| ProFTPD CommandBufferSize远程拒绝服务漏洞 |
|
| 作者:佚名 文章来源:不详 点击数: 更新时间:2007-1-26 15:10:52 |
|
2006-11-23 22:05:20
发布日期:2006-11-10
更新日期:2006-11-23
受影响系统:ProFTPD Project ProFTPD 1.3 描述:
BUGTRAQ ID: 20992
CVE(CAN) ID: CVE-2006-5815
ProFTPD是一款开放源代码FTP服务程序。
ProFTPD在处理用户请求时存在漏洞,如果启用了CommandBufferSize选项的话,则ProFTPD的main.c文件中cmd_loop()函数就可能没有正确验证FTP命令的缓冲区大小限制,导致拒绝服务。
<*来源:Evgeny Legerov (aland@freeradius.org)
链接:http://secunia.com/advisories/22821/
http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?view=diff&r1=text&tr1=1.292&r2=text&tr2=
http://www.debian.org/security/2005/dsa-1218
*>
建议:
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1218-1)以及相应补丁:
DSA-1218-1:New proftpd packages fix denial of service
链接:http://www.debian.org/security/2005/dsa-1218
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2.dsc
Size/MD5 checksum: 897 fe043ac01a1753ba7d47e169d7863039
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2.diff.gz
Size/MD5 checksum: 127600 d1611a9db379bee3e1f137c4c09d4b13
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10.orig.tar.gz
Size/MD5 checksum: 920495 7d2bc5b4b1eef459a78e55c027a4f3c4
Architecture independent components:
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.10-15sarge2_all.deb
Size/MD5 checksum: 422520 784f6a1ead480a7198dd0ad7df4c6d7d
Alpha architecture:
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_alpha.deb
Size/MD5 checksum: 444406 dd457de80a77a65ea56f917ed8503641
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_alpha.deb
Size/MD5 checksum: 200788 0d3e2ba8ea9082b304a2c7f4d6af8df9
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_alpha.deb
Size/MD5 checksum: 457204 17af0e330f48108785aa9d00507c5291
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_alpha.deb
Size/MD5 checksum: 476800 dffaa2aad3f25eb2887005c27059b241
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_alpha.deb
Size/MD5 checksum: 476468 0c7be08d97b11f187c39f8a965b9e3c6
AMD64 architecture:
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_amd64.deb
Size/MD5 checksum: 389010 2fd7461b794783671e641d72488c4585
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_amd64.deb
Size/MD5 checksum: 194562 3113db8aa6ba8e67dcea03632cf6fe67
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_amd64.deb
Size/MD5 checksum: 400008 3a89749eb456ea237ca4d82ae18e4beb
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_amd64.deb
Size/MD5 checksum: 415382 302debcfd6ff112e7294959addcdc1d6
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_amd64.deb
Size/MD5 checksum: 415174 51c2c6374d0483191874f96dd7318a27
ARM architecture:
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_arm.deb
Size/MD5 checksum: 373836 b740b9aa079946e4d2cbf323ae72a978
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_arm.deb
Size/MD5 checksum: 188754 5ffae3af9d619b301595ea9b1175ef37
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_arm.deb
Size/MD5 checksum: 384048 8beac5c897580847d39427097efd5116
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_arm.deb
Size/MD5 checksum: 398914 5470be96f5ad34f83d1042139c6a639e
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_arm.deb
Size/MD5 checksum: 398778 ae4abd419715b09b9a7bcc1f3e23eb96
HP Precision architecture:
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_hppa.deb
Size/MD5 checksum: 403664 e19be25ea86f75de8fb0015837e47e57
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_hppa.deb
Size/MD5 checksum: 194452 65616d5eed9a3270e0df3086ad87a8a7
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_hppa.deb
Size/MD5 checksum: 414846 5ce90027122e3a27646cc314854ea37e
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_hppa.deb
Size/MD5 checksum: 431778 5deb145cbaacd0cbee298a0f6a02f6d2
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_hppa.deb
Size/MD5 checksum: 431492 9b950e59b183a6795d5eacb2002bf03c
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_i386.deb
Size/MD5 checksum: 371202 efa3cca67db44225ecf7990ee8b76808
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_i386.deb
Size/MD5 checksum: 188864 6129e4a1b65440c57e6e76e104025cf4
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_i386.deb
Size/MD5 checksum: 380918 2de20dc3d336007347871007ad2aa9b6
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_i386.deb
Size/MD5 checksum: 396670 2b6a3833f37f256ac0268bf03d25dfd8
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_i386.deb
Size/MD5 checksum: 396432 ba26cbd5cfa7cd9d06c94baad26864b3
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_ia64.deb
Size/MD5 checksum: 519710 30aa10cfda1d97d81772d9a9fff3ef4c
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_ia64.deb
Size/MD5 checksum: 206994 1eefe822ebe9df3b584f719db1e6e263
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_ia64.deb
Size/MD5 checksum: 535338 4108fe33e7d1e6827e1545ea6ebfff7e
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_ia64.deb
Size/MD5 checksum: 562320 0ee714edb0c79544904c0db855daf174
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_ia64.deb
Size/MD5 checksum: 562214 4714a62fff2346f1d376f4306e0c6974
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_m68k.deb
Size/MD5 checksum: 332528 3ad435ced0a1492fd61ae55c90204ad1
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_m68k.deb
Size/MD5 checksum: 187148 312a33fd15cfc35bd182d84ea847c852
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_m68k.deb
Size/MD5 checksum: 340916 adf942ec807fd5a39fdb9707226921bc
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_m68k.deb
Size/MD5 checksum: 353106 d724b6da9758c7bd3c4a4dfee4411306
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_m68k.deb
Size/MD5 checksum: 352830 5a090fa4b611c42a907919a88861eb9a
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_mips.deb
Size/MD5 checksum: 382394 7e6c7b8b92827f3a6644689b0d06ef4e
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_mips.deb
Size/MD5 checksum: 201616 fb61630fd14f0520518f78d198b15480
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_mips.deb
Size/MD5 checksum: 391986 0ffbc86ea82bd910466c367f156af4be
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_mips.deb
Size/MD5 checksum: 406488 2dff85fe8dc813c5be15780765a90a74
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_mips.deb
Size/MD5 checksum: 406238 1d658816888f361611ef7c7a41062f62
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_mipsel.deb
Size/MD5 checksum: 384334 ea408f73dd5288c3dbdd15556cb4c884
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_mipsel.deb
Size/MD5 checksum: 201838 a2c8ed17d8c6dbfe3ff0a359ec8402fd
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_mipsel.deb
Size/MD5 checksum: 393390 f6396ba4684fec2a4bd2b8a156c617a8
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_mipsel.deb
Size/MD5 checksum: 409460 403eb9064b44dfb5c4f5c64e3d11b43e
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_mipsel.deb
Size/MD5 checksum: 409212 e1226c8b018ced87ad77118c660d0361
PowerPC architecture:
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_powerpc.deb
Size/MD5 checksum: 384414 3cc172a7ddaf95a37905ce0ca2fc340f
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_powerpc.deb
Size/MD5 checksum: 195366 d3db9b92cf67136399f153e804a168bd
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_powerpc.deb
Size/MD5 checksum: 395170 9f26106f211808f807bfde1c2911629a
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_powerpc.deb
Size/MD5 checksum: 412014 3a0d74322ba454ee72e0925cb871c3f5
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_powerpc.deb
Size/MD5 checksum: 411760 2611181a4d8cb329bea9d9d0db130b31
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_s390.deb
Size/MD5 checksum: 379686 06371d89be06ba9c16152ef8d0164f9b
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_s390.deb
Size/MD5 checksum: 192976 5a2c80cb11cd89c008a978b2e235bd45
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_s390.deb
Size/MD5 checksum: 390112 ee494ba31925ba491ba72152a7fd0a88
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_s390.deb
Size/MD5 checksum: 403944 c38a72652bef06f11e87fa28ab48d86c
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_s390.deb
Size/MD5 checksum: 403734 2af77df7a25f5f5ed2b2d06c6fcd6ae3
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_sparc.deb
Size/MD5 checksum: 369674 8dd5a9ec08ae54bcbc89ba8b6d695c87
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_sparc.deb
Size/MD5 checksum: 188988 03998811bf00f61f9c52f79ee5150978
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_sparc.deb
Size/MD5 checksum: 379464 fefd89407a8e0fdbc50a5398820aaa3c
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_sparc.deb
Size/MD5 checksum: 394890 6d62112d1257db0c993e33d075f7adb3
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_sparc.deb
Size/MD5 checksum: 394654 ada057a72951b1aa06d599b6e41bc503
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
ProFTPD Project
---------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=text&r2=text&tr1=1.292&tr2=1.294&view=patch
|
|
| 新闻录入:admin 责任编辑:admin |
|
|
上一篇新闻: CA BrightStor ARCserve Backup Tape Engine服务远程缓冲区溢出漏洞
下一篇新闻: XMPlay播放列表文件远程栈溢出漏洞 |
|
|
| 【字体:小 大】【发表评论】【加入收藏】【告诉好友】【打印此文】【关闭窗口】 |
|
|
 网友评论:(只显示最新10条。评论内容只代表网友观点,与本站立场无关!) |
|
|
|
|
|
