Bug 24471

Summary: ProFTPD Directory Traversal and Buffer Overflow Vulnerabilities
Product: Sisyphus
Reporter: Vladimir Lettiev <crux>
Component: proftpd
Assignee: Afanasov Dmitry <ender>
Status: CLOSED FIXED
QA Contact: qa-sisyphus
Severity: blocker
Priority: P3
CC: ender
Version: unstable
Keywords: security
Hardware: all   
OS: Linux   
URL: http://secunia.com/advisories/42052/

Description Vladimir Lettiev 2010-11-01 16:08:54 MSK
Two vulnerabilities have been reported in ProFTPD, which can be exploited by malicious users to manipulate certain data and malicious people to compromise a vulnerable system.

1) A logic error within the "pr_netio_telnet_gets()" function in src/netio.c when processing user input containing the Telnet IAC (Interpret As Command) escape sequence can be exploited to cause a stack-based buffer overflow by sending specially crafted input to the FTP or FTPS service.

Successful exploitation may allow execution of arbitrary code.

2) An input validation error within the "mod_site_misc" module can be exploited to e.g. create and delete directories, create symlinks, and change the time of files located outside a writable directory.

Successful exploitation requires that ProFTPD is compiled with the "mod_site_misc" module and the attacker has write access to a directory.

Fixed in 1.3.3c
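
Added example, not part of the original report and not ProFTPD's code: a simplified line reader showing the bounds accounting that Telnet IAC handling needs, since one input sequence can produce two output bytes in a single loop iteration. The function name, the sample input and the choice to pass "IAC <other byte>" through as two bytes are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define TELNET_IAC  255
#define TELNET_WILL 251   /* WILL..DONT (251-254) are followed by one option byte */
#define TELNET_DONT 254

/* Hypothetical reader (not ProFTPD's): copy one line from in[] to out[],
 * dropping IAC WILL/WONT/DO/DONT <opt>, unescaping IAC IAC, and passing
 * "IAC <other>" through as two bytes (an assumption of this example).
 * Returns bytes stored, excluding the NUL, or -1 if the line does not fit. */
long telnet_line(const unsigned char *in, size_t inlen,
                 unsigned char *out, size_t outsz)
{
    size_t i = 0, o = 0;
    if (outsz == 0)
        return -1;
    while (i < inlen && in[i] != '\n') {
        unsigned char emit[2] = { in[i++], 0 };
        size_t need = 1;
        if (emit[0] == TELNET_IAC) {
            if (i >= inlen)
                break;                      /* truncated escape: drop it */
            unsigned char next = in[i++];
            if (next >= TELNET_WILL && next <= TELNET_DONT) {
                if (i < inlen)
                    i++;                    /* skip the option byte */
                continue;
            }
            if (next != TELNET_IAC) {       /* IAC <other>: two output bytes */
                emit[1] = next;
                need = 2;
            }
        }
        /* Check room for everything this iteration writes, plus the NUL. */
        if (need > outsz - 1 - o)
            return -1;
        memcpy(out + o, emit, need);
        o += need;
    }
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    /* Constructed input: "ab", then IAC 'z', into a 4-byte buffer. */
    const unsigned char in[] = { 'a', 'b', TELNET_IAC, 'z', '\n' };
    unsigned char out[4];
    printf("%ld\n", telnet_line(in, sizeof in, out, sizeof out));
    return 0;
}
```

The check compares the number of bytes the current iteration will write against the space left, rather than testing only that some space remains at the top of the loop.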

Comment 1 Afanasov Dmitry 2010-11-01 16:14:20 MSK
I'll send it by tomorrow.
P.S. Damn, I did look at this!

Comment 2 Repository Robot 2010-11-04 12:38:45 MSK
proftpd-1.3.3rel-alt2 -> sisyphus:

* Thu Nov 04 2010 Afanasov Dmitry <ender@altlinux> 1.3.3rel-alt2
- 1.3.3c stable release (closes: #24471)