Slackware 14.0 / 14.1 / 14.2 / current : proftpd (SSA:2020-051-01)

New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2020-051-01. The text itself is copyright C Slackware...

Debian DLA-2115-2 : proftpd-dfsg regression update

It was discovered that there was a regression in a previous fix for a use-after-free vulnerability in the proftpd-dfsg FTP server. Exploitation of the original vulnerability within the memory pool handling could have allowed a remote attacker to execute arbitrary code on the affected system...

Debian: Security Advisory (DLA-2115-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2115-1] proftpd-dfsg security update

Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u6 CVE ID : CVE-2020-9273 It was discovered that there was a a use-after-free vulnerability in in the proftpd-dfsg FTP server. Exploitation of this vulnerability within the memory pool handling could have allowed a remote attacker to execute...

[slackware-security] proftpd

New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/proftpd-1.3.6c-i586-1slack14.2.txz: Upgraded. No CVEs assigned, but this sure looks like a security issue: Use-after-fr...

DLA-2115-1 proftpd-dfsg - security update

Bulletin has no description...

ProFTPD < 1.3.7 Multiple Vulnerabilities

ProFTPD is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:proftpd:proftpd"; ifdescription...

ProFTPD Buffer Overflow Vulnerability

ProFTPD is a secure cloud printing solution from the ProFTPD team. The solution supports printing from laptops, desktops and mobile devices connected to printers. ProFTPD suffers from a buffer overflow vulnerability. An attacker could exploit this vulnerability to cause a buffer overflow or heap...

ProFTPD Resource Management Error Vulnerability

ProFTPD is a secure cloud printing solution from the ProFTPD team. The solution supports printing from laptops, desktops and mobile devices connected to printers. ProFTPD suffers from a resource management error vulnerability. An attacker could exploit this vulnerability to achieve remote code...

DEBIAN-CVE-2020-9273

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in allocpool in pool.c, and possible remote code execution...

CVE-2020-9272

ProFTPD 1.3.7 has an out-of-bounds OOB read vulnerability in modcap via the captext.c captotext function...

CVE-2020-9273

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in allocpool in pool.c, and possible remote code execution...

CVE-2020-9273

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in allocpool in pool.c, and possible remote code execution...

CVE-2020-9272

ProFTPD 1.3.7 has an out-of-bounds OOB read vulnerability in modcap via the captext.c captotext function...

DEBIAN-CVE-2020-9272

ProFTPD 1.3.7 has an out-of-bounds OOB read vulnerability in modcap via the captext.c captotext function...

Remote code execution

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in allocpool in pool.c, and possible remote code execution...

UBUNTU-CVE-2020-9273

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in allocpool in pool.c, and possible remote code execution...

CVE-2020-9272

ProFTPD 1.3.7 has an out-of-bounds OOB read vulnerability in modcap via the captext.c captotext function...

Out-of-bounds

ProFTPD 1.3.7 has an out-of-bounds OOB read vulnerability in modcap via the captext.c captotext function...

CVE-2020-9273

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in allocpool in pool.c, and possible remote code execution...