All errata/sisyphus/ALT-PU-2015-1457-1
ALT-PU-2015-1457-1

Package update proftpd in branch sisyphus

Version1.3.5-alt2.gita31d0ab
Task#144569
Published2015-05-21
Max severityMEDIUM
Severity:

Closed issues (3)

BDU:2015-02003
LOW1.2

Уязвимости операционной системы Debian GNU/Linux, позволяющие локальному злоумышленнику нарушить целостность защищаемой информации

Published: 2016-07-07Modified: 2024-07-05
CVSS 2.0LOW 1.2
CVSS:2.0/AV:L/AC:H/Au:N/C:N/I:P/A:N
References
CVE-2012-6095
LOW1.2

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

Published: 2013-01-24Modified: 2026-04-29
CVSS 2.0LOW 1.2
CVSS:2.0/AV:L/AC:H/Au:N/C:N/I:P/A:N
References
CVE-2013-4359
MEDIUM5.0

Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.

Published: 2013-09-30Modified: 2026-04-29
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References