openSUSE Security Update : proftpd (openSUSE-SU-2013:1563-1)

Medium Nessus Plugin ID 75173


The remote openSUSE host is missing a security update.


proftpd was updated to 1.3.4d.

- Fixed broken build when using --disable-ipv6 configure option

- Fixed mod_sql 'SQLAuthType Backend' MySQL issues

- fix for bnc#843444 (CVE-2013-4359)


- add proftpd-sftp-kbdint-max-responses-bug3973.patch

- Improve systemd service file

- use upstream tmpfiles.d file. related to [bnc#811793]

- Use /run instead of /var/run

- update to 1.3.4c

- Added Spanish translation.

- Fixed several mod_sftp issues, including SFTPPassPhraseProvider, handling of symlinks for REALPATH requests, and response code logging.

- Fixed symlink race for creating directories when UserOwner is in effect.

- Increased performance of FTP directory listings.

- rebase and rename patches (remove version string)

- proftpd-1.3.4a-dist.patch -> proftpd-dist.patch

- proftpd-1.3.4a-ftpasswd.patch -> proftpd-ftpasswd.patch

- proftpd-1.3.4a-strip.patch -> proftpd-strip.patch

- fix proftpd.conf (rebase basic.conf patch)

- IdentLookups is now a separate module; <IfModule mod_ident.c> IdentLookups on/off </IfModule> is needed, and the module is not built because crrodriguez disabled it.

- fix for bnc#787884 (

- added extra Source proftpd.conf.tmpfile

- Disable ident lookups, this protocol is totally obsolete and dangerous. (add --disable-ident)

- Fix debug info generation (add --disable-strip)

- Add systemd unit

- update to 1.3.4b

+ Fixed mod_ldap segfault on login when LDAPUsers with no filters used.

+ Fixed sporadic SFTP upload issues for large files.

+ Fixed SSH2 handling for some clients (e.g. OpenVMS).

+ New FactsOptions directive; see doc/modules/mod_facts.html#FactsOptions

+ Fixed build errors on Tru64, AIX, Cygwin.

- add Source Signature (.asc) file

- add noBuildDate patch

- add lang pkg

- --enable-nls

- add configure option

- --enable-openssl, --with-lastlog


Update the affected proftpd packages.

Plugin Details

Severity: Medium

ID: 75173

File Name: openSUSE-2013-778.nasl

Version: $Revision: 1.2 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2015/08/24

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:ND

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:proftpd, p-cpe:/a:novell:opensuse:proftpd-debuginfo, p-cpe:/a:novell:opensuse:proftpd-debugsource, p-cpe:/a:novell:opensuse:proftpd-devel, p-cpe:/a:novell:opensuse:proftpd-lang, p-cpe:/a:novell:opensuse:proftpd-ldap, p-cpe:/a:novell:opensuse:proftpd-ldap-debuginfo, p-cpe:/a:novell:opensuse:proftpd-mysql, p-cpe:/a:novell:opensuse:proftpd-mysql-debuginfo, p-cpe:/a:novell:opensuse:proftpd-pgsql, p-cpe:/a:novell:opensuse:proftpd-pgsql-debuginfo, p-cpe:/a:novell:opensuse:proftpd-radius, p-cpe:/a:novell:opensuse:proftpd-radius-debuginfo, p-cpe:/a:novell:opensuse:proftpd-sqlite, p-cpe:/a:novell:opensuse:proftpd-sqlite-debuginfo, cpe:/o:novell:opensuse:12.2, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/10/14

Reference Information

CVE: CVE-2013-4359

BID: 62328

OSVDB: 97184