Gentoo Linux Security Advisory 201309-15 - Multiple vulnerabilities have been found in ProFTPD, the worst of which leading to remote execution of arbitrary code. Versions less than 1.3.4d are affected.
791bb06b4102a706095adc46d590ae0b5ea0a225e56966180f59fa840c1de6d2Debian Linux Security Advisory 2191-1 - Several vulnerabilities have been discovered in ProFTPD, a versatile, virtual-hosting FTP daemon:
a3daaaafb4a782de07eeee7e0736d4db06721550e084937ec6b1b4e25601c428Mandriva Linux Security Advisory 2010-227 - Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a SITE MKDIR, SITE UTIME command. Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a FTPS server.
a6a929924a2a4e416021de37391ae322365e7a942efcedc03f1b0a657de2be0cThis Metasploit module exploits a stack-based buffer overflow in versions of ProFTPD server between versions 1.3.2rc3 and 1.3.3b. By sending data containing a large number of Telnet IAC commands, an attacker can corrupt memory and execute arbitrary code.
b15672f8816cee6c5988bd4043b73fa81269c6b63d7afa9bf7db5a1b33c80105
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed