Lucene search

K
osvGoogleOSV:DSA-2346-1
HistoryNov 16, 2011 - 12:00 a.m.

proftpd-dfsg - several

2011-11-1600:00:00
Google
osv.dev
15

EPSS

0.019

Percentile

89.0%

Several vulnerabilities were discovered in ProFTPD, an FTP server:

  • (No CVE id)

ProFTPD incorrectly uses data from an unencrypted input buffer
after encryption has been enabled with STARTTLS, an issue
similar to

CVE-2011-0411
.

  • CVE-2011-4130
    ProFTPD uses a response pool after freeing it under
    exceptional conditions, possibly leading to remote code
    execution. (The version in lenny is not affected by this
    problem.)

For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.1-17lenny9.

For the stable distribution (squeeze), this problem has been fixed in
version 1.3.3a-6squeeze4.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 1.3.4~rc3-2.

We recommend that you upgrade your proftpd-dfsg packages.