openSUSE Security Update : proftpd (openSUSE-SU-2013:1563-1)

medium Nessus Plugin ID 75173


The remote openSUSE host is missing a security update.


proftpd was updated to 1.3.4d.

- Fixed broken build when using --disable-ipv6 configure option

- Fixed mod_sql 'SQLAuthType Backend' MySQL issues

- fix for bnc#843444 (CVE-2013-4359)


- add proftpd-sftp-kbdint-max-responses-bug3973.patch

- Improve systemd service file

- use upstream tmpfiles.d file. related to [bnc#811793]

- Use /run instead of /var/run

- update to 1.3.4c

- Added Spanish translation.

- Fixed several mod_sftp issues, including SFTPPassPhraseProvider, handling of symlinks for REALPATH requests, and response code logging.

- Fixed symlink race for creating directories when UserOwner is in effect.

- Increased performance of FTP directory listings.

- rebase and rename patches (remove version string)

- proftpd-1.3.4a-dist.patch -> proftpd-dist.patch

- proftpd-1.3.4a-ftpasswd.patch -> proftpd-ftpasswd.patch

- proftpd-1.3.4a-strip.patch -> proftpd-strip.patch

- fix proftpd.conf (rebase basic.conf patch)

- IdentLookups is now a separate module <IfModule mod_ident.c> IdentLookups on/off </IfModule> is needed and module is not built cause crrodriguez disabled it.

- fix for bnc#787884 (

- added extra Source proftpd.conf.tmpfile

- Disable ident lookups, this protocol is totally obsolete and dangerous. (add --disable-ident)

- Fix debug info generation ( add --disable-strip)

- Add systemd unit

- update to 1.3.4b

+ Fixed mod_ldap segfault on login when LDAPUsers with no filters used.

+ Fixed sporadic SFTP upload issues for large files.

+ Fixed SSH2 handling for some clients (e.g. OpenVMS).

+ New FactsOptions directive; see doc/modules/mod_facts.html#FactsOptions

+ Fixed build errors on Tru64, AIX, Cygwin.

- add Source Signatuire (.asc) file

- add noBuildDate patch

- add lang pkg

- --enable-nls

- add configure option

- --enable-openssl, --with-lastlog


Update the affected proftpd packages.

See Also

Plugin Details

Severity: Medium

ID: 75173

File Name: openSUSE-2013-778.nasl

Version: 1.6

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment Azure, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent

Risk Information


Risk Factor: Low

Score: 2.2


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:proftpd, p-cpe:/a:novell:opensuse:proftpd-debuginfo, p-cpe:/a:novell:opensuse:proftpd-debugsource, p-cpe:/a:novell:opensuse:proftpd-devel, p-cpe:/a:novell:opensuse:proftpd-lang, p-cpe:/a:novell:opensuse:proftpd-ldap, p-cpe:/a:novell:opensuse:proftpd-ldap-debuginfo, p-cpe:/a:novell:opensuse:proftpd-mysql, p-cpe:/a:novell:opensuse:proftpd-mysql-debuginfo, p-cpe:/a:novell:opensuse:proftpd-pgsql, p-cpe:/a:novell:opensuse:proftpd-pgsql-debuginfo, p-cpe:/a:novell:opensuse:proftpd-radius, p-cpe:/a:novell:opensuse:proftpd-radius-debuginfo, p-cpe:/a:novell:opensuse:proftpd-sqlite, p-cpe:/a:novell:opensuse:proftpd-sqlite-debuginfo, cpe:/o:novell:opensuse:12.2, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/rpm-list, Host/cpu, Host/SuSE/release

Exploit Ease: No known exploits are available

Patch Publication Date: 10/14/2013

Reference Information

CVE: CVE-2013-4359

BID: 62328