Developers Documentation

×

Warning

0 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Summary:

    “TAG_LOG_PKT

Impact:

    Confidentiality Impact: COMPLETE Integrity Impact: COMPLETE Availability Impact: COMPLETE

Detailed Information:

    Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.

Affected Systems:

    proftpd proftpd 1.3.2

    proftpd proftpd 1.3.3

    proftpd proftpd 1.3.2 d

    proftpd proftpd 1.3.2 b

    proftpd proftpd 1.3.2 rc3

    proftpd proftpd 1.3.2 e

    proftpd proftpd 1.3.2 rc4

    proftpd proftpd 1.3.3 rc3

    proftpd proftpd 1.3.2 c

    proftpd proftpd 1.3.3 rc4

    proftpd proftpd 1.3.3 b

    proftpd proftpd 1.3.3 rc1

    proftpd proftpd 1.3.3 a

    proftpd proftpd 1.3.2 a

    proftpd proftpd 1.3.3 rc2

Attack Scenarios:

    No data available

False Positives:

    None known

False Negatives:

    None known

Corrective Action:

    Upgrade to the latest non-affected version

    Apply vendor-provided patches

Contributors:

    No data available

Additional References:

* 1999-0660

* 2009-1535 ###ms09-020 http://www.microsoft.com/technet/security/bulletin/ms09-020.mspx

* http://docs.idsresearch.org/http_ids_evasions.pdf

* 2001-0260

* 2005-0560 ###ms05-021 http://www.microsoft.com/technet/security/bulletin/ms05-021.mspx

* 2010-3867

* 2010-3972

* 2010-4221

* MS11-004

* 2001-0554

* 2002-0639

* 2002-0640 ###ms04-011 http://technet.microsoft.com/en-us/security/bulletin/ms04-011

* 2004-0120

1-1.txt · Last modified: 2016/02/04 06:22 by admin2

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=1-1&1569249861