OSVDB ID: 68985

Title: ProFTPD netio.c pr_netio_telnet_gets Function TELNET_IAC Escape Sequence Remote Overflow

Dates

Disclosure: Nov 02, 2010
Discovery: Unknown
Exploit: Nov 04, 2010
Solution: Oct 29, 2010

Description

ProFTPD is prone to an overflow condition. The TELNET_IAC escape sequence handling in the pr_netio_telnet_gets function (netio.c) fails to properly sanitize user-supplied input, resulting in a stack overflow. With a specially crafted request, a remote attacker can potentially cause the execution of arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Upgrade to version 1.3.3c or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Vendor: The ProFTPD Project
Product: ProFTPD
Versions: 1.3.2rc3, 1.3.3a, 1.3.3b

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/68985