CVE-2020-9273
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution...
CVE-2020-9273
CVSS context: CVE-2020-9273 affects ProFTPD, where interrupting a data transfer can corrupt the memory pool, triggering a use-after-free in alloc_pool and potentially enabling remote code execution. What’s affected: ProFTPD (notably around 1.3.7-era releases per advisory) with a memory allocator ...
CVE-2020-9272
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function...
CVE-2020-9272
CVE-2020-9272 concerns ProFTPD 1.3.7 with an out-of-bounds read in the FTP server’s mod_cap component, triggered via the cap_to_text function in cap_text.c. The vulnerability is network‑based (remote attacker over the protocol) with no authentication required and could lead to information disclos...
PT-2020-20566 · Proftpd +2
Name of the Vulnerable Software and Affected Versions: ProFTPD version 1.3.7. Description: The issue is an out-of-bounds (OOB) read vulnerability in the mod_cap module via the cap_to_text function in cap_text.c. Recommendations: For ProFTPD version 1.3.7, consider disabling the mod_cap module until ...
Siemens SIMATIC CP 1543-1
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC CP 1543-1 Vulnerabilities: Improper Access Control, Loop with Unreachable Exit Condition 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
PT-2020-5165 · Proftpd +2
Name of the Vulnerable Software and Affected Versions: ProFTPD versions prior to 1.3.5e+r1.3.5-2+deb8u7; ProFTPD versions prior to 1.3.6-alt0.4.ga73dbfe3b; ProFTPD versions prior to 1.3.6-4+deb10u4; ProFTPD version 1.3.7. Description: ProFTPD contains a use-after-free vulnerability within the memory...
openSUSE Security Update : proftpd (openSUSE-2020-31)
This update for proftpd fixes the following issues: - GeoIP has been discontinued by Maxmind (boo#1156210). This update removes module build for geoip, see https://support.maxmind.com/geolite-legacy-discontinuation-notice/ - CVE-2019-19269: Fixed a NULL pointer dereference may occur when validating...
openSUSE: Security Advisory for proftpd (openSUSE-SU-2020:0031-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:0031-1 Security update for proftpd
This update for proftpd fixes the following issues: - GeoIP has been discontinued by Maxmind (boo#1156210). This update removes module build for geoip, see https://support.maxmind.com/geolite-legacy-discontinuation-notice/ - CVE-2019-19269: Fixed a NULL pointer dereference may occur when validating the...
Security update for proftpd (moderate)
openSUSE Security Update: Security update for proftpd Announcement ID: openSUSE-SU-2020:0031-1 Rating: moderate References: 1113041 1144056 1154600 1155834 1156210 1157798 1157803 Cross-References: CVE-2017-7418 CVE-2019-12815 CVE-2019-18217 CVE-2019-19269 CVE-2019-19270 Affected Products: openSU...
ProFTPD 'mod_copy' Arbitrary File Copy Vulnerability (Remote)
The remote host is running ProFTPD. It is affected by a vulnerability in the mod_copy module which fails to honor and configurations as expected. An unauthenticated, remote attacker can exploit this, by using the mod_copy module's functionality, in order to copy arbitrary files in the FTP directory...
Fedora Update for proftpd FEDORA-2019-848e410cfb
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
The vulnerability of the main.c component of the ProFTPD FTP server lies in the execution of a loop with an unreachable exit condition, allowing a hacker to cause a service failure.
The vulnerability of the main.c component of the ProFTPD FTP server is related to incorrect handling of long commands. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
MGASA-2019-0385 Updated proftpd packages fix security vulnerability
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the...
Updated proftpd packages fix security vulnerability
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the...
Fedora 31 : proftpd (2019-bfacf1e958)
This update addresses a number of bugs affecting processing of CRLs in mod_tls, including possible NULL pointer dereferences and missing some checks. Thanks to Lionel Debroux for reporting them. Note that Tenable Network Security has extracted the preceding description block directly from the Fedo...
Fedora 30 : proftpd (2019-65a983b8b6)
This update addresses a number of bugs affecting processing of CRLs in mod_tls, including possible NULL pointer dereferences and missing some checks. Thanks to Lionel Debroux for reporting them. Note that Tenable Network Security has extracted the preceding description block directly from the Fedo...