
proftpd: arbitrary code execution

Package(s): proftpd
CVE #(s): CVE-2010-3867
Created: November 2, 2010
Updated: March 15, 2011
Description: From the Slackware advisory:

Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925), which can allow remote execution of arbitrary code as the user running the ProFTPD daemon. Thanks to TippingPoint and the Zero Day Initiative (ZDI).

Alerts:
Debian DSA-2191-1 2011-03-14
Fedora FEDORA-2010-17220 2010-11-03
Mandriva MDVSA-2010:227 2010-11-11
Fedora FEDORA-2010-17091 2010-11-02
Fedora FEDORA-2010-17098 2010-11-02
Slackware SSA:2010-305-03 2010-11-02


proftpd: arbitrary code execution

Posted Nov 4, 2010 12:53 UTC (Thu) by Trou.fr (subscriber, #26289)

Note that this vulnerability is *pre-auth*.

http://bugs.proftpd.org/show_bug.cgi?id=3521
