Bug 24471 - ProFTPD Directory Traversal and Buffer Overflow Vulnerabilities
Status: CLOSED FIXED
: Sisyphus
: unstable
: all Linux
: P3 blocker
: http://secunia.com/advisories/42052/
: security
 
Reported: 2010-11-01 16:08 by
Modified: 2010-11-04 12:38




Description From 2010-11-01 16:08:54
Two vulnerabilities have been reported in ProFTPD, which can be exploited by
malicious users to manipulate certain data and malicious people to compromise a
vulnerable system.

1) A logic error within the "pr_netio_telnet_gets()" function in src/netio.c
when processing user input containing the Telnet IAC (Interpret As Command)
escape sequence can be exploited to cause a stack-based buffer overflow by
sending specially crafted input to the FTP or FTPS service.

Successful exploitation may allow execution of arbitrary code.

2) An input validation error within the "mod_site_misc" module can be exploited
to e.g. create and delete directories, create symlinks, and change the time of
files located outside a writable directory.

Successful exploitation requires that ProFTPD is compiled with the
"mod_site_misc" module and the attacker has write access to a directory.

Fixed in 1.3.3c
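
An added example, not ProFTPD's code and not part of the bug report: a bounded line reader that interprets Telnet IAC sequences and checks the remaining space before every write, including the step where one input sequence stores two bytes. The helper name `iac_line_copy` and the way each IAC sequence is handled are assumptions made for illustration.

```c
#include <stddef.h>

#define IAC  255
#define DONT 254
#define DO   253
#define WONT 252
#define WILL 251

/* Hypothetical helper (not ProFTPD's pr_netio_telnet_gets): copy one line
 * from src into dst, interpreting Telnet IAC sequences. Returns the number
 * of bytes stored (excluding the NUL), or -1 if the line does not fit. */
long iac_line_copy(unsigned char *dst, size_t dstlen,
                   const unsigned char *src, size_t srclen)
{
    size_t out = 0, i = 0;

    if (dstlen == 0)
        return -1;

    while (i < srclen) {
        unsigned char c = src[i++];

        if (c == IAC && i < srclen) {
            unsigned char cmd = src[i++];
            if (cmd == WILL || cmd == WONT || cmd == DO || cmd == DONT) {
                if (i < srclen) i++;       /* drop the option byte */
                continue;
            }
            if (cmd != IAC) {
                /* Assumed policy: unrecognised pair is passed through.
                 * That is two output bytes, so require room for both
                 * (plus the NUL) before writing either one. */
                if (dstlen - out < 3) return -1;
                dst[out++] = IAC;
                dst[out++] = cmd;
                continue;
            }
            c = IAC;                       /* IAC IAC = literal 0xFF */
        }
        if (dstlen - out < 2) return -1;   /* one byte plus the NUL */
        dst[out++] = c;
        if (c == '\n') break;
    }
    dst[out] = '\0';
    return (long)out;
}
```
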
------- Comment #1 From 2010-11-01 16:14:20 -------
I'll send it by tomorrow
P.S. Damn, I did look at it!
------- Comment #2 From 2010-11-04 12:38:45 -------
proftpd-1.3.3rel-alt2 -> sisyphus:

* Thu Nov 04 2010 Afanasov Dmitry <ender@altlinux> 1.3.3rel-alt2
- 1.3.3c stable release (closes: #24471)