Sebastian Scheible
2011-Jan-11 18:18 UTC
[Secure-testing-team] Bug#609703: proftpd-basic: sql_prepare_where() buffer overflow (Bug#3536)
Package: proftpd-basic
Version: 1.3.1-17lenny4
Severity: critical
Tags: security
Justification: root security hole

As described in
http://www.h-online.com/open/news/item/Phrack-hole-closed-in-ProFTPD-1156782.html
upstream version 1.3.3d fixes a remote root exploit in previous versions
(proftpd bug Bug#3536). Quote: "A buffer overflow in the function
sql_prepare_where() allows attackers to remotely execute arbitrary code on
the server."

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages proftpd-basic depends on:
ii  adduser         3.112            add and remove users and groups
ii  debconf         1.5.36           Debian configuration management sy
ii  debianutils     3.4              Miscellaneous utilities specific t
ii  libacl1         2.2.49-4         Access control list shared library
ii  libattr1        1:2.4.44-2       Extended attribute shared library
ii  libc6           2.11.2-7         Embedded GNU C Library: Shared lib
ii  libcap1         1:1.10-14        support for getting/setting POSIX.
ii  libncurses5     5.7+20100313-4   shared libraries for terminal hand
ii  libpam-runtime  1.1.1-6.1        Runtime support for the PAM librar
ii  libpam0g        1.1.1-6.1        Pluggable Authentication Modules l
ii  libssl0.9.8     0.9.8o-2         SSL shared libraries
ii  libwrap0        7.6.q-19         Wietse Venema's TCP wrappers libra
ii  netbase         4.43             Basic TCP/IP networking system
ii  sed             4.2.1-7          The GNU sed stream editor
ii  ucf             3.0025+nmu1      Update Configuration File: preserv
ii  update-inetd    4.38             inetd configuration file updater

proftpd-basic recommends no packages.

Versions of packages proftpd-basic suggests:
ii  openssl            0.9.8o-2       Secure Socket Layer (SSL) binary a
ii  proftpd-doc        1.3.1-17lenny4 Versatile, virtual-hosting FTP dae
ii  proftpd-mod-ldap   1.3.1-17lenny4 versatile, virtual-hosting FTP dae
ii  proftpd-mod-mysql  1.3.1-17lenny4 versatile, virtual-hosting FTP dae
ii  proftpd-mod-pgsql  1.3.1-17lenny4 versatile, virtual-hosting FTP dae

-- Configuration Files:
/etc/cron.monthly/proftpd [Errno 2] No such file or directory: u'/etc/cron.monthly/proftpd'

-- debconf information:
* shared/proftpd/inetd_or_standalone: standalone