CVE-2013-4359

Summary

CVE	CVE-2013-4359
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2013-09-30 21:55:00 UTC
Updated	2016-12-31 02:59:00 UTC
Description	Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.

Risk And Classification

Problem Types: CWE-189

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Proftpd	Proftpd	1.3.4	d	All	All
Application	Proftpd	Proftpd	1.3.5	rc3	All	All
Application	Proftpd	Proftpd	1.3.4	d	All	All
Application	Proftpd	Proftpd	1.3.5	rc3	All	All

References

Reference	Source	Link	Tags
openSUSE-SU-2013:1563-1: moderate: proftpd: security and bugfix update t	SUSE	lists.opensuse.org
Debian -- Security Information -- DSA-2767-1 proftpd-dfsg	DEBIAN	www.debian.org
Bug 3973 – mod_sftp can be forced to allocate too much memory for keyboard-interactive authentication	CONFIRM	bugs.proftpd.org	Patch
openSUSE-SU-2015:1031-1: moderate: Security update for proftpd	SUSE	lists.opensuse.org
ProFTPd mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication \| kingcopes´ blag	MISC	kingcope.wordpress.com	Exploit
oss-security - Re: CVE request: proftpd: mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication	MLIST	www.openwall.com	Exploit
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.