Information Security


Security vulnerabilities in ProFTPD
Published: November 15, 2010
Source:
SecurityVulns ID: 11255
Type: remote
Severity level: 8/10
Description: Buffer overflow when parsing the TELNET_IAC escape sequence. Directory traversal via symlinks and the mod_site_misc module.
Affected products: PROFTPD : ProFTPD 1.3
CVE: CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.)
 CVE-2010-3867 (Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.)
Original text: MANDRIVA, [ MDVSA-2010:227 ] proftpd (15.11.2010)
 ZDI, ZDI-10-229: ProFTPD TELNET_IAC Remote Code Execution Vulnerability (15.11.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod