CVE Reference: CVE-2010-4221

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-4221

Description:
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA42052
  Secunia Advisory: SA42217

MISC
  http://www.zerodayinitiative.com/advisories/ZDI-10-229/

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2010:227

FEDORA
  http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050687.html
  http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050703.html
  http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050726.html

CONFIRM
  http://www.proftpd.org/docs/NEWS-1.3.3c
  http://bugs.proftpd.org/show_bug.cgi?id=3521

BID
  44562

