Vendor: ProFTPD
By: jduck
CVSS: N/A
N/A
Stack-based buffer overflow
CWE: 119
Product Name: ProFTPD
Affected Version From: 1.3.2rc3
Affected Version To: 1.3.3b
Patch Exists: NO
Related CWE: CVE-2010-4221
CPE: a:proftpd:proftpd:1.3.2rc3
Platforms Tested: BSD
2010
ProFTPD 1.3.2rc3 – 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
This module exploits a stack-based buffer overflow in ProFTPD server versions between 1.3.2rc3 and 1.3.3b. By sending data containing a large number of Telnet IAC commands, an attacker can corrupt memory and execute arbitrary code.
Mitigation:
Apply the vendor patch or upgrade to a version later than 1.3.3b.