Telnet IAC processing stack overflow
Bug #674646 reported by Neil Wilson
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
proftpd-dfsg (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Vulnerability in versions of proftpd between proftpd-1.3.2rc3 and proftpd-1.3.3
http://
Patches available in Debian.
http://
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: proftpd-basic (not installed)
ProcVersionSign
Uname: Linux 2.6.32-25-generic x86_64
Architecture: amd64
Date: Fri Nov 12 19:07:51 2010
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
ProcEnviron:
PATH=(custom, user)
LANG=en_GB.utf8
SHELL=/bin/bash
SourcePackage: proftpd-dfsg
Changed in proftpd-dfsg (Ubuntu):
status: New → In Progress
summary:
- CVE-2010-3867 - Telnet IAC processing stack overflow
+ Telnet IAC processing stack overflow
Changed in proftpd-dfsg (Ubuntu):
assignee: nobody → Neil Wilson (neil-aldur)
assignee: Neil Wilson (neil-aldur) → Brightbox (brightbox)
Changed in proftpd-dfsg (Ubuntu):
assignee: Brightbox (brightbox) → nobody
This bug was fixed in the package proftpd-dfsg - 1.3.2c-1ubuntu0.1
---------------
proftpd-dfsg (1.3.2c-1ubuntu0.1) lucid-security; urgency=low
* SECURITY UPDATE: Telnet IAC processing stack overflow.
patches/3521.patch: adjust src/netio.c to check buflen properly.
bugs.proftpd.org/attachment.cgi?id=3521
patches/CVE_2010_3867.dpatch: based on debian 3519.dpatch
bugs.proftpd.org/attachment.cgi?id=3519
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of ProFTPD. Authentication is not required to
exploit this vulnerability.
(LP: #674646)
- debian/
- http://
- CVE-2010-4221
* SECURITY UPDATE: Inappropriate directory traversal allowed by
mod_site_misc. This vulnerability can be used to:
- create a directory located outside the writable directory
- delete a directory located outside the writable directory
- create a symlink located outside the writable directory
- change the time of a file located outside the writable directory.
(LP: #674798)
- debian/
backported to v1.3.2
- http://
- CVE-2010-3867
-- Neil Wilson <email address hidden> Sat, 13 Nov 2010 11:51:28 +0000