
Re: ProFTPD still vulnerable (Sarge)



Hi,

>> One is CVE-2006-5815 and the other is a mod_tls vulnerability without a
>> CVE id yet. AFAIK there is no exploit for sarge's 1.2.x for CVE-2006-5815
>> yet. So I would expect this to be the mod_tls vulnerability. Do you have
>> mod_tls enabled? Try connecting to your server with telnet and enter FEAT
>> and see whether it returns AUTH TLS.
>
> Nope:
>
> 211-Features:
> 211-MDTM
> 211-REST STREAM
> 211-SIZE
> 211 End

Oh, that's bad. You don't have ftps enabled explicitly either?

This probably means that there is at least some exploit to DoS sarge's 1.2.x.

>
>> There is a thread about this at
>> http://lists.alioth.debian.org/pipermail/secure-testing-team/2006-November/000972.html
>
> CVE-2006-5815: "Buffer overflow in ProFTPD 1.3.0 and earlier, when
> configured to use the CommandBufferSize directive ...". This directive
> is not in the default Debian Config file, I believe, and it isn't in the
> one on that machine.

This description is wrong. There was some confusion about what
CVE-2006-5815 is. It is really about a flaw in sreplace(). There is more
info about this confusion later in the thread above, e.g.
http://lists.alioth.debian.org/pipermail/secure-testing-team/2006-November/000990.html
or at
http://bugs.proftpd.org/show_bug.cgi?id=2858

The CommandBufferSize issue was fixed by DSA-1218-1.

Cheers,
Stefan
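
The FEAT check discussed in this message, scripted as an added example (not part of the original mail or of ProFTPD): it parses a 211 reply in both the `211-` prefixed layout quoted above and the RFC 2389 space-indented layout, and reports whether AUTH TLS is advertised. All function names are hypothetical, the second sample reply is constructed, and `query_feat` assumes a host you administer.

```python
import re
import socket

# Reply quoted in the thread (FEAT against the sarge ProFTPD 1.2.x host).
THREAD_REPLY = "211-Features:\r\n211-MDTM\r\n211-REST STREAM\r\n211-SIZE\r\n211 End\r\n"
# Constructed sample in RFC 2389 layout (feature lines start with a space).
CONSTRUCTED_TLS_REPLY = "211-Features:\r\n AUTH TLS\r\n PBSZ\r\n PROT\r\n SIZE\r\n211 End\r\n"

def parse_feat(reply):
    """Return the upper-cased feature lines of a 211 FEAT reply."""
    lines = [l.rstrip("\r") for l in reply.split("\n") if l.strip()]
    if not lines or not lines[0].startswith("211"):
        raise ValueError("not a 211 FEAT reply: %r" % reply[:40])
    if lines[0].startswith("211 "):
        return []  # single-line 211: server lists no features
    features = []
    for line in lines[1:]:
        if line.startswith("211 "):
            return features  # terminating line reached
        # Old ProFTPD prefixes each feature with "211-"; RFC 2389 uses a space.
        body = line[4:] if line.startswith("211-") else line
        features.append(body.strip().upper())
    raise ValueError("FEAT reply has no terminating '211 ' line")

def advertises_auth_tls(features):
    """True if any feature line is AUTH with TLS among its mechanisms."""
    for feat in features:
        words = [w for w in re.split(r"[ ;,]+", feat) if w]
        if words[:1] == ["AUTH"] and "TLS" in words[1:]:
            return True
    return False

def read_reply(fh):
    """Read one (possibly multi-line) FTP reply from a text file object."""
    first = fh.readline()
    lines, code = [first], first[:3]
    while lines[-1] and not lines[-1].startswith(code + " "):
        lines.append(fh.readline())
    if not lines[-1]:
        raise ConnectionError("connection closed mid-reply")
    return "".join(lines)

def query_feat(host, port=21, timeout=5.0):
    """Connect to a server you administer, send FEAT, return parsed features."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        fh = sock.makefile("rw", encoding="latin-1", newline="\n")
        read_reply(fh)  # discard the 220 banner
        fh.write("FEAT\r\n")
        fh.flush()
        return parse_feat(read_reply(fh))
```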


