ProFTPD 1.3.3c released

C

carpin

Verified User
Joined
Oct 15, 2010
Messages
13
[29/Oct/2010]

The ProFTPD Project team has released 1.3.3c to the community.
This is an important security release, containing fixes for a Telnet IAC handling vulnerability and a directory traversal vulnerability in the mod_site_misc module.
The RELEASE_NOTES and NEWS files contain the full details.

1.3.3c
---------

+ Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
+ Fixed directory traversal bug in mod_site_misc
+ Fixed SQLite authentications using "SQLAuthType Backend"


1.3.3c - Released 29-Oct-2010
--------------------------------
- Bug 3511 - SQLAuthType Backend not properly rejected by mod_sql_sqlite.
- Bug 3513 - EPERM error logged unnecessarily for SFTP logins on Linux.
- Bug 3517 - mod_quotatab decrements file tally improperly for failed DELE
commands.
- Bug 3518 - Support SiteMiscEngine directive, for disabling mod_site_misc
functionality via proftpd.conf.
- Bug 3519 - Inappropriate directory traversal allowed by mod_site_misc.
- Bug 3521 - Telnet IAC processing stack overflow.
http://www.proftpd.org/download.html
 
Thanks, pretty easy update:
Code: 
cd /usr/local/directadmin/custombuild
./build update
./build proftpd
 
The Chained SSL bug hasn't been fixed yet. You need to manually apply the patch if you offer secure connections to your ProFTPd server and you use chained certs.
 
Wunk said:
There's a root exploit in the wild for this:
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20101107/3eeb443a/attachment.obj


Seems to be for versions 1.3.2c upto < 1.3.3c
Click to expand...

I just looked in my ftp logs and saw this:

::ffff:72.51.37.220 UNKNOWN ftp [11/Nov/2010:10:55:30 -0800] "GET /id HTTP/1.1" 500 -
::ffff:72.51.37.220 UNKNOWN ftp [11/Nov/2010:10:55:30 -0800] "ACCEPT: */*" 500 -
::ffff:72.51.37.220 UNKNOWN ftp [11/Nov/2010:10:55:30 -0800] "ACCEPT-LANGUAGE: en-us" 500 -
::ffff:72.51.37.220 UNKNOWN ftp [11/Nov/2010:10:55:30 -0800] "ACCEPT-ENCODING: gzip, deflate" 500 -
::ffff:72.51.37.220 UNKNOWN ftp [11/Nov/2010:10:55:30 -0800] "USER-AGENT: Mozilla/4.0 (compatible; MSIE 6.0;

Windows 98)" 500 -
::ffff:72.51.37.220 UNKNOWN ftp [11/Nov/2010:10:55:30 -0800] "HOST: <one of our ips>" 500 -
::ffff:72.51.37.220 UNKNOWN ftp [11/Nov/2010:10:55:30 -0800] "CONNECTION: Close" 500 -
::ffff:72.51.37.220 UNKNOWN ftp [11/Nov/2010:10:55:42 -0800] "GET /id HTTP/1.1" 500 -
::ffff:72.51.37.220 UNKNOWN ftp [11/Nov/2010:10:55:42 -0800] "ACCEPT: */*" 500 -
::ffff:72.51.37.220 UNKNOWN ftp [11/Nov/2010:10:55:42 -0800] "ACCEPT-LANGUAGE: en-us" 500 -
::ffff:72.51.37.220 UNKNOWN ftp [11/Nov/2010:10:55:42 -0800] "ACCEPT-ENCODING: gzip, deflate" 500 -
::ffff:72.51.37.220 UNKNOWN ftp [11/Nov/2010:10:55:42 -0800] "USER-AGENT: Mozilla/4.0 (compatible; MSIE 6.0;

Windows 98)" 500 -
::ffff:72.51.37.220 UNKNOWN ftp [11/Nov/2010:10:55:42 -0800] "HOST: <one of our ips>" 500 -
::ffff:72.51.37.220 UNKNOWN ftp [11/Nov/2010:10:55:42 -0800] "CONNECTION: Close" 500 -
Click to expand...

Is this related to that exploit? Don't know why this would show up in an FTP log..
 
idea

make[1]: Leaving directory `/usr/local/directadmin/custombuild/proftpd-1.3.3c/lib'
gcc -DHAVE_CONFIG_H -DLINUX -I.. -I../include -O2 -Wall -c mod_facts.c
gcc -DHAVE_CONFIG_H -DLINUX -I.. -I../include -O2 -Wall -c mod_ident.c
gcc -DHAVE_CONFIG_H -DLINUX -I.. -I../include -O2 -Wall -c mod_ratio.c
gcc -DHAVE_CONFIG_H -DLINUX -I.. -I../include -O2 -Wall -c mod_readme.c
gcc -DHAVE_CONFIG_H -DLINUX -I.. -I../include -O2 -Wall -c mod_tls.c
gcc -DHAVE_CONFIG_H -DLINUX -I.. -I../include -O2 -Wall -c mod_cap.c
/tmp/ccm1V2ei.s: Assembler messages:
/tmp/ccm1V2ei.s:400: Error: Incorrect register `%rax' used with `l' suffix
/tmp/ccm1V2ei.s:427: Error: Incorrect register `%rax' used with `l' suffix
/tmp/ccm1V2ei.s:451: Error: Incorrect register `%rax' used with `l' suffix
/tmp/ccm1V2ei.s:483: Error: Incorrect register `%rax' used with `l' suffix
/tmp/ccm1V2ei.s:8146: Error: Incorrect register `%rax' used with `l' suffix
/tmp/ccm1V2ei.s:8153: Error: Incorrect register `%rax' used with `l' suffix
/tmp/ccm1V2ei.s:8173: Error: Incorrect register `%rdx' used with `l' suffix
/tmp/ccm1V2ei.s:8183: Error: Incorrect register `%rdx' used with `l' suffix
make[1]: *** [mod_tls.o] Error 1
make[1]: Leaving directory `/usr/local/directadmin/custombuild/proftpd-1.3.3c/modules'
make: *** [modules] Error 2

*** The make has failed, do you want to try to make again? (y,n):

centos 5.5 64bit

any idea?
 
I ran the update as mentioned above... set proftpd=yes first in conf file... however now i get this error when trying to connect to the ftp...

[R] Connection failed (Connection refused)

what should I do ?

Update:

I restarted the service in DA and now it works :p
 
Last edited:
You must log in or register to reply here.
Back
Top