[ MDKSA-2007:130 ] - Updated proftpd packages fix authentication bypass vulnerability
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:130
http://www.mandriva.com/security/
_______________________________________________________________________
Package : proftpd
Date : June 20, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
The Auth API in ProFTPD, when multiple simultaneous authentication
modules are configured, did not require that the module that checks
authentication is the same module that retrieves authentication data,
which could possibly be used to allow remote attackers to bypass
authentication.

The updated packages have been patched to prevent this issue. This
update also provides proper PAM configuration files for ProFTPD on
Corporate Server 4, correcting a problem that had prevented any
mod_auth_pam-based connections from authenticating successfully.

In addition, ProFTPD 1.3.0 is being provided for Corporate 3 and
Corporate Server 4.
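
The mismatch described in the Problem Description, as an added C model that is not ProFTPD source and not part of the original advisory; the module names, accounts, passwords and function names are all constructed for illustration. login_unbound lets one module supply the account while any module may accept the password; login_bound requires the same module to do both.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of a multi-module auth layer (hypothetical names,
 * not ProFTPD source). Each module holds its own accounts. */
struct account { const char *user, *password, *home; };
struct auth_module { const char *name; const struct account *accounts; size_t n; };

/* Constructed sample data: "alice" exists in both backends with different
 * passwords and different home directories. */
static const struct account file_accts[] = { {"alice", "file-pw", "/srv/ftp/payroll"} };
static const struct account sql_accts[]  = { {"alice", "sql-pw",  "/srv/ftp/guest"} };
static const struct auth_module modules[] = { {"file", file_accts, 1}, {"sql", sql_accts, 1} };
#define N_MODULES (sizeof modules / sizeof modules[0])

static const struct account *lookup(const struct auth_module *m, const char *user) {
    for (size_t i = 0; i < m->n; i++)
        if (strcmp(m->accounts[i].user, user) == 0) return &m->accounts[i];
    return NULL;
}

/* strcmp stands in for real password verification in this model. */
static int check(const struct auth_module *m, const char *user, const char *pw) {
    const struct account *a = lookup(m, user);
    return a != NULL && strcmp(a->password, pw) == 0;
}

/* Flawed dispatch: account data comes from the first module that knows the
 * user, but a password accepted by ANY module completes the login. */
const char *login_unbound(const char *user, const char *pw) {
    const struct account *rec = NULL;
    for (size_t i = 0; i < N_MODULES && rec == NULL; i++)
        rec = lookup(&modules[i], user);
    if (rec == NULL) return NULL;
    for (size_t i = 0; i < N_MODULES; i++)
        if (check(&modules[i], user, pw)) return rec->home;
    return NULL;
}

/* Bound dispatch: only the module that supplied the record may verify it. */
const char *login_bound(const char *user, const char *pw) {
    for (size_t i = 0; i < N_MODULES; i++) {
        const struct account *rec = lookup(&modules[i], user);
        if (rec != NULL)
            return check(&modules[i], user, pw) ? rec->home : NULL;
    }
    return NULL;
}
```

In this model the first module that knows a user name is authoritative for it, so a name that collides across backends resolves to one account only.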
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2165
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type  Bits/KeyID      Date        User ID
pub   1024D/22458A98  2000-07-10  Mandriva Security Team <security*mandriva.com>