1557 matches found
CVE-2010-4221
CVE-2010-4221 describes a remote code execution vulnerability in ProFTPD’s TELNET IAC handling. Multiple stack-based buffer overflows in pr_netio_telnet_gets (netio.c) allow unauthenticated attackers to potentially execute arbitrary code by crafting TELNET IAC sequences to FTP/FTPS services. The ...
ProFTPD IAC Remote Root Exploit
Exploit Title: ProFTPD IAC Remote Root Exploit Date: 7 November 2010 Author: Kingcope use IO::Socket; $numtargets = 13; @targets = Plain Stack Smashing Confirmed to work "FreeBSD 8.1 i386, ProFTPD 1.3.3a Server binary", PLATFORM SPEC "FreeBSD", OPERATING SYSTEM 0, EXPLOIT STYLE 0xbfbfe000, OFFSET...
ProFTPD IAC Remote Root Exploit
Exploit for windows platform in category remote exploits =============================== ProFTPD IAC Remote Root Exploit =============================== Exploit Title: ProFTPD IAC Remote Root Exploit Date: 7 November 2010 Author: Kingcope use IO::Socket; $numtargets = 13; @targets = Plain Stack...
ProFTPd IAC 1.3.x - Remote Command Execution
Exploit Title: ProFTPD IAC Remote Root Exploit Date: 7 November 2010 Author: Kingcope E-DB Note: If you have issues with this exploit, alter lines 549, 555 and 563. use IO::Socket; $numtargets = 13; @targets = Plain Stack Smashing Confirmed to work "FreeBSD 8.1 i386, ProFTPD 1.3.3a Server binary"...
ProFTPd IAC 1.3.x - Remote Command Execution
ProFTPd IAC 1.3.x - Remote Command Execution Exploit Title: ProFTPD IAC Remote Root Exploit Date: 7 November 2010 Author: Kingcope E-DB Note: If you have issues with this exploit, alter lines 549, 555 and 563. use IO::Socket; $numtargets = 13; @targets = Plain Stack Smashing Confirmed to work...
ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)
This module exploits a stack-based buffer overflow in versions of ProFTPD server between versions 1.3.2rc3 and 1.3.3b. By sending data containing a large number of Telnet IAC commands, an attacker can corrupt memory and execute arbitrary code. The Debian Squeeze version of the exploit uses a litt...
ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow
$Id: proftptelnetiac.rb 10900 2010-11-04 18:12:11Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
This module exploits a stack-based buffer overflow in versions of ProFTPD server between versions 1.3.2rc3 and 1.3.3b. By sending data containing a large number of Telnet IAC commands, an attacker can corrupt memory and execute arbitrary code. This module requires Metasploit:...
ProFTPD多个模块目录遍历和缓冲区溢出漏洞
BUGTRAQ ID: 44562 CVE ID: CVE-2010-3867 ProFTPD是一款开放源代码FTP服务程序。 ProFTPD的src/netio.c文件中的prnetiotelnetgets函数在处理包含有Telnet IAC转义序列的用户输入时存在栈溢出,远程攻击者可以通过向FTP或FTPS服务提交恶意输入导致执行任意代码。 此外modsitemisc模块中存在多个输入验证错误,攻击者可以通过目录遍历攻击写入或删除任意目录、创建符号链接或更改文件时间。 ProFTPD Project ProFTPD 1.3.x 厂商补丁: ProFTPD Project...
[slackware-security] proftpd
New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to a fix security issue. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/proftpd-1.3.3c-i486-1slack13.1.txz: Upgraded. Fixed Telnet IAC stack overflow vulnerability...
ProFTPD TELNET_IAC Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ProFTPD. Authentication is not required to exploit this vulnerability. The flaw exists within the proftpd server component which listens by default on TCP port 21. When reading user input if a...
proftpd -- remote code execution vulnerability
Tippingpoint reports: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ProFTPD. Authentication is not required to exploit this vulnerability. The flaw exists within the proftpd server component which listens by default on TCP port 21. When readin...
Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : proftpd (SSA:2010-305-03)
New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to a fix security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2010-305-03. The...
[slackware-security] openssl
New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2010-0433 https://vulners.com/cve/CVE-2010-0740 A...
Debian DSA-1925-1 : proftpd-dfsg - insufficient input validation
It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, when the dNSNameRequired TLS option is enabled. %NASLMINLEVEL 70300 C Tenable Network Security,...
[Backports-security-announce] Security Update for proftpd-dfsg
Francesco P. Lovergine uploaded new packages for proftpd-dfsg which fixed the following security problem: CVE-2009-3639 The modtls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a \0 character in a domain name i...
[Backports-security-announce] Security Update for proftpd-dfsg
Francesco P. Lovergine uploaded new packages for proftpd-dfsg which fixed the following security problem: CVE-2009-3639 The modtls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a \0 character in a domain name i...
[Backports-security-announce] Security Update for proftpd-dfsg
Francesco P. Lovergine uploaded new packages for proftpd-dfsg which fixed the following security problem: CVE-2009-3639 The modtls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a \0 character in a domain name i...
Fedora Core 12 FEDORA-2009-13250 (proftpd)
The remote host is missing an update to proftpd announced via advisory FEDORA-2009-13250. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by t...
Fedora Core 12 FEDORA-2009-13250 (proftpd)
The remote host is missing an update to proftpd announced via advisory FEDORA-2009-13250. OpenVAS Vulnerability Test $Id: fcore200913250.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-13250 proftpd Authors: Thomas Reinke Copyright: Copyright c 2009...