Computer Security


ProFTPD security vulnerabilities
Published: 15.11.2010
Source:
SecurityVulns ID: 11255
Type: remote
Threat Level: 8/10
Description: Buffer overflow on TELNET_IAC ESC-sequence parsing. Directory traversal by creating symlinks with mod_site_misc module.
Affected: PROFTPD : ProFTPD 1.3
CVE: CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.)
 CVE-2010-3867 (Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.)
Original document: MANDRIVA, [ MDVSA-2010:227 ] proftpd (15.11.2010)
 ZDI, ZDI-10-229: ProFTPD TELNET_IAC Remote Code Execution Vulnerability (15.11.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod