CVE-2011-1137

NONE EPSS 97.9%
Published Mar 11, 2011 (15y ago) · Modified Jun 16, 2026 (2w ago)

Description

Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.

Threat Intelligence

EPSS Exploit Probability
97.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-189

Affected Products 65

Vendor   Product  Version  Range
proftpd  proftpd  *        ≤1.3.3
proftpd  proftpd  1.2.0    any
proftpd  proftpd  1.2.0    any
proftpd  proftpd  1.2.0    any
proftpd  proftpd  1.2.0    any
proftpd  proftpd  1.2.0    any
proftpd  proftpd  1.2.0    any
proftpd  proftpd  1.2.1    any
proftpd  proftpd  1.2.2    any
proftpd  proftpd  1.2.2    any
proftpd  proftpd  1.2.2    any
proftpd  proftpd  1.2.2    any
proftpd  proftpd  1.2.3    any
proftpd  proftpd  1.2.4    any
proftpd  proftpd  1.2.5    any
proftpd  proftpd  1.2.5    any
proftpd  proftpd  1.2.5    any
proftpd  proftpd  1.2.5    any
proftpd  proftpd  1.2.6    any
proftpd  proftpd  1.2.6    any
proftpd  proftpd  1.2.6    any
proftpd  proftpd  1.2.7    any
proftpd  proftpd  1.2.7    any
proftpd  proftpd  1.2.7    any
proftpd  proftpd  1.2.7    any
proftpd  proftpd  1.2.8    any
proftpd  proftpd  1.2.8    any
proftpd  proftpd  1.2.8    any
proftpd  proftpd  1.2.9    any
proftpd  proftpd  1.2.9    any
proftpd  proftpd  1.2.9    any
proftpd  proftpd  1.2.9    any
proftpd  proftpd  1.2.10   any
proftpd  proftpd  1.2.10   any
proftpd  proftpd  1.2.10   any
proftpd  proftpd  1.2.10   any
proftpd  proftpd  1.3.0    any
proftpd  proftpd  1.3.0    any
proftpd  proftpd  1.3.0    any
proftpd  proftpd  1.3.0    any
proftpd  proftpd  1.3.0    any
proftpd  proftpd  1.3.0    any
proftpd  proftpd  1.3.0    any
proftpd  proftpd  1.3.1    any
proftpd  proftpd  1.3.1    any
proftpd  proftpd  1.3.1    any
proftpd  proftpd  1.3.1    any
proftpd  proftpd  1.3.2    any
proftpd  proftpd  1.3.2    any
proftpd  proftpd  1.3.2    any
proftpd  proftpd  1.3.2    any
proftpd  proftpd  1.3.2    any
proftpd  proftpd  1.3.2    any
proftpd  proftpd  1.3.2    any
proftpd  proftpd  1.3.2    any
proftpd  proftpd  1.3.2    any
proftpd  proftpd  1.3.2    any
proftpd  proftpd  1.3.3    any
proftpd  proftpd  1.3.3    any
proftpd  proftpd  1.3.3    any
proftpd  proftpd  1.3.3    any
proftpd  proftpd  1.3.3    any
proftpd  proftpd  1.3.3    any
proftpd  proftpd  1.3.3    any
proftpd  proftpd  1.3.3    any

References 17

  • bugs.proftpd.org http://bugs.proftpd.org/show_bug.cgi?id=3586
    Patch
  • bugs.proftpd.org http://bugs.proftpd.org/show_bug.cgi?id=3587
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058344.html
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058356.html
  • proftp.cvs.sourceforge.net http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2
    Patch
  • proftp.cvs.sourceforge.net http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3
    Vendor Advisory
  • proftp.cvs.sourceforge.net http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/43234
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/43635
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/43978
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.485806
  • debian.org http://www.debian.org/security/2011/dsa-2185
  • exploit-db.com http://www.exploit-db.com/exploits/16129/
    Exploit
  • securityfocus.com http://www.securityfocus.com/bid/46183
    Exploit
  • vupen.com http://www.vupen.com/english/advisories/2011/0617
    Vendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2011/0857
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=681718
    Exploit, Patch

Remediation