Integer Overflow Vulnerability in ProFTPD's SFTP Module Impacting Remote Servers
CVE-2011-1137

Currently unrated

Key Information:

Vendor: Proftpd
Status: Proftpd
Vendor: CVE Published:; 11 March 2011

What is CVE-2011-1137?

An integer overflow vulnerability exists in the SFTP module of ProFTPD versions prior to 1.3.3d. This flaw enables remote attackers to exploit a malformed SSH message, potentially resulting in excessive memory consumption. Successfully leveraging this vulnerability can lead to severe impacts, including denial of service attacks where the server may become unresponsive or suffer from an out-of-memory (OOM) condition.

References

http://slackware.com/security/viewer.php?l=slackware-secu...

vendor-advisoryx_refsource_SLACKWARE

http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/c...

x_refsource_CONFIRM

http://www.exploit-db.com/exploits/16129/

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability published
Mar 11, 2011
Vulnerability Reserved
Mar 2, 2011

JSON

Proftpd

What is CVE-2011-1137?

References

Timeline