Title: ProFTPD netio.c pr_netio_telnet_gets Function TELNET_IAC Escape Sequence Remote Overflow
Nov 02, 2010
Nov 04, 2010
Oct 29, 2010
ProFTPD is prone to an overflow condition. The TELNET_IAC Escape Sequence handling fails to properly sanitize user-supplied input resulting in a stack overflow. With a specially crafted request, a remote attacker can potentially cause the executition of arbitrary code.
Remote / Network Access
Loss of Integrity
Upgrade to version 1.3.3c or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.