CVE-2011-1137
NONE EPSS 97.9%
Published Mar 11, 2011
Last Modified Jun 16, 2026
Description
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
Threat Intelligence
EPSS Exploit Probability
97.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-189
Affected Products 65
| Vendor | Product | Version | Range |
|---|---|---|---|
| proftpd | proftpd | * | ≤1.3.3 |
| proftpd | proftpd | 1.2.0 | any |
| proftpd | proftpd | 1.2.0 | any |
| proftpd | proftpd | 1.2.0 | any |
| proftpd | proftpd | 1.2.0 | any |
| proftpd | proftpd | 1.2.0 | any |
| proftpd | proftpd | 1.2.0 | any |
| proftpd | proftpd | 1.2.1 | any |
| proftpd | proftpd | 1.2.2 | any |
| proftpd | proftpd | 1.2.2 | any |
| proftpd | proftpd | 1.2.2 | any |
| proftpd | proftpd | 1.2.2 | any |
| proftpd | proftpd | 1.2.3 | any |
| proftpd | proftpd | 1.2.4 | any |
| proftpd | proftpd | 1.2.5 | any |
| proftpd | proftpd | 1.2.5 | any |
| proftpd | proftpd | 1.2.5 | any |
| proftpd | proftpd | 1.2.5 | any |
| proftpd | proftpd | 1.2.6 | any |
| proftpd | proftpd | 1.2.6 | any |
| proftpd | proftpd | 1.2.6 | any |
| proftpd | proftpd | 1.2.7 | any |
| proftpd | proftpd | 1.2.7 | any |
| proftpd | proftpd | 1.2.7 | any |
| proftpd | proftpd | 1.2.7 | any |
| proftpd | proftpd | 1.2.8 | any |
| proftpd | proftpd | 1.2.8 | any |
| proftpd | proftpd | 1.2.8 | any |
| proftpd | proftpd | 1.2.9 | any |
| proftpd | proftpd | 1.2.9 | any |
| proftpd | proftpd | 1.2.9 | any |
| proftpd | proftpd | 1.2.9 | any |
| proftpd | proftpd | 1.2.10 | any |
| proftpd | proftpd | 1.2.10 | any |
| proftpd | proftpd | 1.2.10 | any |
| proftpd | proftpd | 1.2.10 | any |
| proftpd | proftpd | 1.3.0 | any |
| proftpd | proftpd | 1.3.0 | any |
| proftpd | proftpd | 1.3.0 | any |
| proftpd | proftpd | 1.3.0 | any |
| proftpd | proftpd | 1.3.0 | any |
| proftpd | proftpd | 1.3.0 | any |
| proftpd | proftpd | 1.3.0 | any |
| proftpd | proftpd | 1.3.1 | any |
| proftpd | proftpd | 1.3.1 | any |
| proftpd | proftpd | 1.3.1 | any |
| proftpd | proftpd | 1.3.1 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.3 | any |
References 17
- bugs.proftpd.org http://bugs.proftpd.org/show_bug.cgi?id=3586
- bugs.proftpd.org http://bugs.proftpd.org/show_bug.cgi?id=3587
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058344.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058356.html
- proftp.cvs.sourceforge.net http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2
- proftp.cvs.sourceforge.net http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3
- proftp.cvs.sourceforge.net http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1
- secunia.com http://secunia.com/advisories/43234
- secunia.com http://secunia.com/advisories/43635
- secunia.com http://secunia.com/advisories/43978
- slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.485806
- debian.org http://www.debian.org/security/2011/dsa-2185
- exploit-db.com http://www.exploit-db.com/exploits/16129/
- securityfocus.com http://www.securityfocus.com/bid/46183
- vupen.com http://www.vupen.com/english/advisories/2011/0617
- vupen.com http://www.vupen.com/english/advisories/2011/0857
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=681718
Remediation
- bugs.proftpd.org http://bugs.proftpd.org/show_bug.cgi?id=3586
- proftp.cvs.sourceforge.net http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=681718