
proftpd: code execution

Package(s): proftpd
CVE #(s): CVE-2010-4652
Created: January 28, 2011
Updated: March 15, 2011
Description:

From the Red Hat bugzilla entry:

A heap-based buffer overflow flaw was found in the way ProFTPD FTP server prepared SQL queries for certain usernames, when the mod_sql module was enabled. A remote, unauthenticated attacker could use this flaw to cause proftpd daemon to crash or, potentially, to execute arbitrary code with the privileges of the user running 'proftpd' via a specially-crafted username, provided in the authentication dialog.

Alerts:
Gentoo 201309-15 proftpd 2013-09-24
Debian DSA-2191-1 proftpd-dfsg 2011-03-14
Mandriva MDVSA-2011:023 proftpd 2011-02-08
Fedora FEDORA-2011-0610 proftpd 2011-01-20
Fedora FEDORA-2011-0613 proftpd 2011-01-20



Copyright © 2025, Eklektix, Inc.