CVE-2010-4052

Stack consumption vulnerability in the regcomp implementation in the GNU C Library aka glibc or libc6 through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service resource exhaustion via a regular expression containing adjacent repetition operators, a...

CVE-2010-4052

Stack consumption vulnerability in the regcomp implementation in the GNU C Library aka glibc or libc6 through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service resource exhaustion via a regular expression containing adjacent repetition operators, a...

ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)

$Id: proftpsreplace.rb 11526 2011-01-09 23:33:53Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)

This module exploits a stack-based buffer overflow in versions 1.2 through 1.3.0 of ProFTPD server. The vulnerability is within the "sreplace" function within the "src/support.c" file. The off-by-one heap overflow bug in the ProFTPD sreplace function has been discovered about 2 two years ago by...

ProFTPd 1.3.2 rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow (Metasploit)

$Id: proftptelnetiac.rb 11525 2011-01-09 23:33:24Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Remote Buffer Overflow (Metasploit)

$Id: proftpsreplace.rb 11526 2011-01-09 23:33:53Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

GNU libcregcomp(3) - Multiple Vulnerabilities

GNU libcregcomp3 - Multiple Vulnerabilities // source: http://securityreason.com/securityalert/8003 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GNU libc/regcomp3 Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 01.10.2010 - -...

GNU libc/regcomp(3) Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GNU libc/regcomp3 Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 01.10.2010 - - Pub.: 07.01.2011 CERT: VU912279 CVE: CVE-2010-4051 CVE-2010-4052 Affected tested: - - Ubuntu 10.10 - ...

ProFTPD 1.3.3c Compromised Source Remote Trojan

The ProFTPD server is a full featured File Transfer Protocol FTP server mainly used in Linux distributions. Aside from the standard FTP features, the server supports a number of extensions. ProFTPD 1.3.3c backdoor allows users remote code access to systems which run the modified version of the...

Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : proftpd (SSA:2010-357-02)

New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2010-357-02. The te...

[slackware-security] proftpd

New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/proftpd-1.3.3d-i486-1slack13.1.txz: Upgraded. This update fixes an unbounded copy operation in...

ProFTPD < 1.3.3d 'mod_sql' Buffer Overflow

The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is earlier than 1.3.3d. Such versions are reportedly affected by a heap-based buffer overflow vulnerability in the function 'sqlpreparewhere' in the...

Metasploit 3.5.1 adds Cisco device exploitation !

Metasploit now enables security professionals to exploit Cisco devices, performs passive reconnaissance through traffic analysis, provides more exploits and evaluates an organization's password security by brute forcing an ever increasing range of services. This latest release adds stealth...

Metasploit Framework v3.5.1 Updated Version Download !

Our favourite exploitation framework – The Metasploit Framework has been updated! We now have Metasploit version 3.5.1! "The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a...

ProFTPD controlled source packages Backdoor security vulnerabilities and fixes-vulnerability warning-the black bar safety net

Affected version: ProFTPD Project ProFTPD 1.3. x ProFTPD is an open source FTP service program. ProFTPD specific period version is to insert the back door code, a remote attacker can use this Backdoor unauthorized access toFTP serveraccess to the control system. This issue affects the project's...

Preemptive Protection against ProFTPD FTP Server TELNET_AIC Stack Buffer Overflow

A buffer overflow vulnerability was reported in ProFTPD FTP Server, a full featured File Transfer Protocol FTP server mainly used in Linux distributions. The vulnerability is due to insufficient validation of user input. Remote attackers could exploit this vulnerability by sending a crafted FTP...

ProFTPD受控制源软件包后门安全漏洞

ProFTPD是一款开放源代码FTP服务程序。 ProFTPD的特定时期版本被插入了后门代码，远程攻击者可利用这些后门非授权获取对FTP服务器的访问，从而控制系统。 此问题影响项目的主FTP服务器和所有镜像服务器发布的被攻击的ProFTPD 1.3.3c源代码包，此代码包中包含允许远程root权限访问的后门。2010年11月28日至12月2日期间下载的源代码受此问题影响。 ProFTPD Project ProFTPD 1.3.x 厂商补丁： ProFTPD Project --------------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

ftp-proftpd-backdoor NSE Script

Tests for the presence of the ProFTPD 1.3.3c backdoor reported as BID 45150. This script attempts to exploit the backdoor using the innocuous id command by default, but that can be changed with the ftp-proftpd-backdoor.cmd script argument. Script Arguments ftp-proftpd-backdoor.cmd Command to...

GNU glibc - regcomp() Stack Exhaustion Denial of Service

GNU glibc - regcomp Stack Exhaustion Denial of Service // source: https://www.securityfocus.com/bid/45233/info GNU glibc is prone to a denial-of-service vulnerability due to stack exhaustion. Successful exploits will allow attackers to make the affected computer unresponsive, denying service to...

GNU glibc - &#039;regcomp()&#039; Stack Exhaustion Denial of Service

// source: https://www.securityfocus.com/bid/45233/info GNU glibc is prone to a denial-of-service vulnerability due to stack exhaustion. Successful exploits will allow attackers to make the affected computer unresponsive, denying service to legitimate users. This issue affects unknown versions of...