ProFTPD Remote Buffer Overflow and Directory Traversal Vulnerabilities

Last Update Date: 28 Jan 2011 | Release Date: 3 Nov 2010

RISK: Medium Risk

Two vulnerabilities have been identified in ProFTPD, which could be exploited by remote attackers to take complete control of an affected system.

The first issue is caused by a stack-based buffer overflow in the "pr_netio_telnet_gets()" function [src/netio.c] when processing input containing a "TELNET_IAC" escape sequence, which could allow remote attackers to execute arbitrary code.

The second vulnerability is caused by errors in the "mod_site_misc" module when a writable directory exists, which could allow attackers with write permissions to create or delete a directory outside of the writable directory, create symlinks, or change the time of arbitrary files via a directory traversal.


Impact

  • Remote Code Execution

System / Technologies affected

  • ProFTPD versions prior to 1.3.3c
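
An added example, not part of the original advisory: a Python check that compares a ProFTPD version string (from an FTP greeting banner or `proftpd -v` output) against the 1.3.3c threshold stated above. The sample lines are constructed, and the ordering of `rc` and lettered releases is an assumption about ProFTPD's version scheme; a hidden or customised banner is reported as unknown rather than as safe.

```python
import re

# First unaffected release according to the advisory above.
FIXED_RELEASE = "1.3.3c"

# Matches "ProFTPD 1.3.3a" (greeting banner) and "ProFTPD Version 1.3.3a".
_VERSION_RE = re.compile(
    r"ProFTPD(?: Version)? (\d+)\.(\d+)\.(\d+)(rc\d+|[a-z])?\b", re.IGNORECASE
)


def version_key(text):
    """Return a sortable tuple for the first ProFTPD version in text, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch, suffix = m.groups()
    suffix = (suffix or "").lower()
    if suffix.startswith("rc"):
        stage = (0, int(suffix[2:]))          # assumed: rcN precedes the release
    elif suffix:
        stage = (2, ord(suffix) - ord("a"))   # assumed: a, b, c... follow it
    else:
        stage = (1, 0)                        # the plain release itself
    return (int(major), int(minor), int(patch)) + stage


def classify(text):
    """Return 'affected', 'not affected' or 'unknown' for a banner line."""
    key = version_key(text)
    if key is None:
        return "unknown"  # version hidden or banner customised: verify on the host
    fixed = version_key("ProFTPD " + FIXED_RELEASE)
    return "affected" if key < fixed else "not affected"


# Constructed sample inputs (192.0.2.0/24 is a documentation range).
SAMPLES = [
    "220 ProFTPD 1.3.3a Server (ProFTPD Default Installation) [192.0.2.10]",
    "220 ProFTPD 1.3.3rc4 Server (files) [192.0.2.11]",
    "ProFTPD Version 1.3.3c",
    "220 ProFTPD 1.3.4rc1 Server (mirror) [192.0.2.12]",
    "220 FTP Server ready.",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):13} {line}")
```

A version string only identifies the upstream release; packages carrying backported fixes may still report an older version, so confirm the result against the vendor's changelog.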

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier

  • No CVE information is available
