Miembros de
Boletines de Vulnerabilidades |
Vulnerabilidades de formateo de cadenas en ProFTPD |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Confidencialidad |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto con cuenta |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | ProFTPD <= v1.3 rc1 |
Descripción |
|
|
Se han descubierto dos vulnerabilidades de formateo de cadena en las versiones anteriores a 1.3 rc1 de ProFTPD que pueden ser explotadas para obtener cierta información sensible. Las vulnerabilidades residen en el manejo de cadenas en la directiva SQLShowInfo de Mod_SQL y en la utilidad 'ftpshut'. - Existe un error de formateo de cadenas en la utilidad 'ftpshut' cuando se muestra un mensaje de despedida que contenga el nombre del directorio actual. La explotación de esta vulnerabilidad podría permitir a un atacante remoto con cuenta leer información contigua del buffer mediante la creación de un directorio especialmente diseñado. Para que este ataque sea posible el mensaje de despedida ha de contener las variables "%C", "%R", o "%U". - Existe un error de formateo de cadenas cuando se muestra mensajes de respuesta al cliente usando información obtenida de una base de datos usando mod_sql. Este hecho puede ser explotado por un usuario que inserte secuencias de formateo de cadenas en las tablas de la base de datos que son utilizadas para generar los mensajes de respuesta. Para que este ataque sea posible ha de estar activada la directiva "SQLShowInfo" y el usuario debe tener control sobre los contenidos de las tablas usadas en la base de datos |
|
Solución |
|
|
Actualización de software ProFTPD ProFTPD v1.3 & ProFTPD v1.3 rc1 ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.0rc2.tar.gz Mandriva Linux Mandrakelinux 10.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/proftpd-1.2.9-3.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/proftpd-anonymous-1.2.9-3.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/proftpd-1.2.9-3.3.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/proftpd-1.2.9-3.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/proftpd-anonymous-1.2.9-3.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/proftpd-1.2.9-3.3.100mdk.src.rpm Mandrakelinux 10.1 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/proftpd-1.2.10-2.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/proftpd-anonymous-1.2.10-2.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/proftpd-1.2.10-2.1.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/proftpd-1.2.10-2.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/proftpd-anonymous-1.2.10-2.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/proftpd-1.2.10-2.1.101mdk.src.rpm Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/proftpd-1.2.9-3.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/proftpd-anonymous-1.2.9-3.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/proftpd-1.2.9-3.3.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/proftpd-1.2.9-3.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/proftpd-anonymous-1.2.9-3.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/proftpd-1.2.9-3.3.C30mdk.src.rpm Mandrivalinux LE2005 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/proftpd-1.2.10-9.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/proftpd-anonymous-1.2.10-9.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/proftpd-1.2.10-9.1.102mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/proftpd-1.2.10-9.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/proftpd-anonymous-1.2.10-9.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/proftpd-1.2.10-9.1.102mdk.src.rpm Debian Linux Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10.orig.tar.gz http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1.dsc http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1.diff.gz Architecture independent http://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.10-15sarge1_all.deb DEC Alpha http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_alpha.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_alpha.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_alpha.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_alpha.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_alpha.deb AMD64 http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_amd64.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_amd64.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_amd64.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_amd64.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_amd64.deb ARM http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_arm.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_arm.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_arm.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_arm.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_arm.deb HP PA RISC http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_hppa.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_hppa.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_hppa.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_hppa.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_hppa.deb Intel IA-32 http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1.0.1_i386.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1.0.1_i386.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1.0.1_i386.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1.0.1_i386.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1.0.1_i386.deb ia64 http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_ia64.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_ia64.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_ia64.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_ia64.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_ia64.deb m68k http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_m68k.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_m68k.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_m68k.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_m68k.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_m68k.deb MIPS (Big Endian) http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_mips.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_mips.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_mips.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_mips.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_mips.deb MIPS (Little Endian) http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_mipsel.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_mipsel.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_mipsel.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_mipsel.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_mipsel.deb powerpc http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_powerpc.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_powerpc.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_powerpc.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_powerpc.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_powerpc.deb s390 http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_s390.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_s390.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_s390.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_s390.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_s390.deb sparc http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_sparc.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_sparc.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_sparc.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_sparc.deb http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_sparc.deb |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CAN-2005-2390 |
| BID | |
Recursos adicionales |
|
|
ProFTPD Release notes http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2 Mandriva Security Advisories MDKSA-2005:140 http://www.mandriva.com/security/advisories?name=MDKSA-2005:140 Debian Security Advisory DSA 795-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00184.html Debian Security Advisory DSA 795-2 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00190.html |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2005-08-08 |
| 1.1 | Aviso emitido por Mandriva (MDKSA-2005:140). Aviso emitido y actualizado por Debian (DSA 795-1, DSA 795-2). | 2005-09-05 |