FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-4221

This CVE name corresponds to:

Entered     Topic
2010-11-23  proftpd -- remote code execution vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2010-4221
Phase  Assigned (20101109)

Description

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.

References

Source    Reference
MISC      http://www.zerodayinitiative.com/advisories/ZDI-10-229/
CONFIRM   http://bugs.proftpd.org/show_bug.cgi?id=3521
CONFIRM   http://www.proftpd.org/docs/NEWS-1.3.3c
FEDORA    FEDORA-2010-17091
FEDORA    FEDORA-2010-17098
FEDORA    FEDORA-2010-17220
MANDRIVA  MDVSA-2010:227
BID       44562
SECUNIA   42052
SECUNIA   42217
VUPEN     ADV-2010-2941
VUPEN     ADV-2010-2959
VUPEN     ADV-2010-2962