ProFTPD versions 1.3.0 and 1.3.0a local overflow exploit.
f226fa4b69a0b38b89856b6fdf13dd0cae57a2c097428ced1cb703ee6948d130
Slackware Security Advisory - New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
cb63893e652e4b1ac3596a93b9ec8e823b155a7fe7c1cc34c0271f992a73ef6e
Secunia Security Advisory - Slackware has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
2062bfa78e01243a6c31d7ec38b41d1fe4a26ee30426eaff54f6901a2a10459c
Mandriva Linux Security Advisory 2011-181 - Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer. The updated packages have been upgraded to the latest version 1.3.3g which is not vulnerable to this issue.
0be1d40f8f3b58111ad1f44517b3cd8c334da98ee590aaee94305394e4d7a9d6
Remote root exploit for FreeBSD ftpd and ProFTPd on FreeBSD. It leverages the fact that /etc and /lib can be modified inside of the chroot.
f59b24d7a9bf8446fb65b25ad7046e1b91fd2198e39bf16f0a7f6d2431d9e848
Secunia Security Advisory - Fedora has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
10ab32a5c57a489e183ce7c8a4d53cea3512dd690e43742943bcd1f5175bff91
Debian Linux Security Advisory 2346-2 - The ProFTPD security update, DSA-2346-1, introduced a regression, preventing successful TLS connections. This regression does not affect the stable distribution (squeeze), nor the testing and unstable distributions.
2c741817b56678426ef6c637f2e3574cb0c40b669b506fd3585c4f936cddb790
Debian Linux Security Advisory 2346-1 - Several vulnerabilities were discovered in ProFTPD, an FTP server. ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS, an issue similar to CVE-2011-0411. ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution.
4e0fcf4b058513cde8c483fad69e28ac40ae4aa41d60b8770ad1d405582c34f3
Zero Day Initiative Advisory 11-328 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ProFTPd server. Authentication is required to exploit this vulnerability in order to have access to the ftp command set. The specific flaw exists within how the server manages the response pool that is used to send responses from the server to the client. When handling an exceptional condition the application will fail to restore the original response pointer which will allow there to be more than one reference to the response pointer. The next time it is used, a memory corruption can be made to occur which can allow for code execution under the context of the application.
b042b6cfefe59bf1569e922d7012f959d2ae5e85844b6ddcc1fa014ac415dd41
Secunia Security Advisory - A vulnerability has been reported in ProFTPD, which can be exploited by malicious users to compromise a vulnerable system.
d08578332dc908ec94ae8dd945dd9239f4e2e3836515779c4f42ba5a9d3d4feb
Secunia Security Advisory - Fedora has issued an update for proftpd. This fixes two vulnerabilities, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service).
ccafd038dcde1e733e4b0fe7bb2f1aa78dc535b69cc46dc88c1e7b292d77d091
Secunia Security Advisory - Slackware has issued an update for proftpd. This fixes two vulnerabilities, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service).
eb3ba92d9d30cc61f96c5977a4790ef022e17c117f93a2f500648e3a5bae0a1e
Mandriva Linux Security Advisory 2011-047 - Integer overflow in the mod_sftp module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service via a malformed SSH message. Additionally for Mandriva Linux 2010.0 proftpd was upgraded to the same version as in Mandriva Linux 2010.2. The updated packages have been patched to correct this issue.
9505eefd8186096410330ca5fefa718efaedacf8687774ced3b4c91df99ea711
Secunia Security Advisory - Debian has issued an update for proftpd-dfsg. This fixes a vulnerability, which can be exploited by malicious users to manipulate certain data.
94427441774f8e8c621ff598b3958f7b5622b90a1a4901a6453dd1e535bfb65b
Debian Linux Security Advisory 2191-1 - Several vulnerabilities have been discovered in ProFTPD, a versatile, virtual-hosting FTP daemon:
a3daaaafb4a782de07eeee7e0736d4db06721550e084937ec6b1b4e25601c428
Debian Linux Security Advisory 2185-1 - It was discovered that an integer overflow in the SFTP file transfer module of the ProFTPD daemon could lead to denial of service.
8c0a9460615a79f2a39af6deb02e7ddb72b3c39bf9a721e9f487b650ee90953a
Secunia Security Advisory - Debian has issued an update for proftpd-dfsg. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
f9c8265729d99170d7a9bec21f67ac1709a9aeaae300bbc45ca115d37b2131c3
This Metasploit module exploits a buffer overflow in NetSupport Manager Agent. It uses a similar ROP to the proftpd_iac exploit in order to avoid the non-executable stack.
97cfba55ad99e70aab89080a5fd28096914ddedef3359cfe0a68bdb2d98b0bff
Mandriva Linux Security Advisory 2011-023 - Heap-based buffer overflow in the sql_prepare_where function in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
515d49dc9513a1f6586e829388a19b81f06513f924d43218ea4eac91318d6fd7
Secunia Security Advisory - A vulnerability has been discovered in ProFTPD, which can be exploited by malicious people to cause a DoS (Denial of Service).
d0323f010760e8d6cde09179731701cbfa4dd40fbf212bf13da0f3ec1c411aea
ProFTPD mod_sftp integer overflow denial of service proof of concept exploit.
8be96176ffeabb738a525695e7d76457f45c838d9df2d027c6217df3d5d527c2
This Metasploit module exploits a stack-based buffer overflow in versions 1.2 through 1.3.0 of ProFTPD server. The vulnerability is within the "sreplace" function within the "src/support.c" file. The off-by-one heap overflow bug in the ProFTPD sreplace function was discovered about 2 (two) years ago by Evgeny Legerov.
41d4996163aa5db3c1f65003fa4feea5044edfa1112cac105c463346d43f029b
GNU libc/regcomp(3) suffers from overflow and stack exhaustion vulnerabilities. proftpd.gnu.c exploit included.
43e26bde432a5e50b401382b8c5f29be36e9aef9c061f0a6cff7b5f6cc7132b4
Secunia Security Advisory - A security issue has been reported in ProFTPD, which can be exploited by malicious people to compromise a vulnerable system.
93d7c62129f0f21b47890c47d4330d0cfaadf6d7346919e31c6cc1bc32aa32bc
ProFTPD version 1.3.3c compromised source remote root trojan code.
2b3de844c19ee4976c43fb307f8a5ad677fb8b4b2968ed884a2b2c49ff518797
This Metasploit module exploits a malicious backdoor that was added to the ProFTPD download archive. This backdoor was present in the proftpd-1.3.3c.tar.[bz2|gz] archive between November 28th 2010 and 2nd December 2010.
17094d8d6cc795f560232204708dd66d83a3dfa1fbf4de49a332bb625e731aef