55 matches found
ProFTPD < 1.3.0a Multiple Vulnerabilities
The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is earlier than 1.3.0a. As such, it may be affected by one or more of the following vulnerabilities : - An off-by-one string manipulation flaw exist...
ProFTPD 1.x (module mod_tls) Remote Buffer Overflow Exploit
No description provided by source. / Anti-modTLS-0day version 2 ProFTPd .. + modtls remote-root-0day-exploit main advantages of this exploit: 1 No patched modtls versions yet 2 This is a preauthentication bug 3 Bruteforcing option eheheheee main disadvantages: ...
ProFTPd 1.x - mod_tls Remote Buffer Overflow
ProFTPd 1.x - modtls Remote Buffer Overflow / Anti-modTLS-0day version 2 ProFTPd .. + modtls remote-root-0day-exploit main advantages of this exploit: 1 No patched modtls versions yet 2 This is a preauthentication bug 3 Bruteforcing option eheheheee main disadvantages: 2 Target mechanism isn't ve...
proftpd-overflow.txt
/ Anti-modTLS-0day version 2 ProFTPd .. + modtls remote-root-0day-exploit main advantages of this exploit: 1 No patched modtls versions yet 2 This is a preauthentication bug 3 Bruteforcing option eheheheee main disadvantages: 2 Target mechanism isn't very well, cause exploitation depends on libra...
ProFTPD 1.x (module mod_tls) Remote Buffer Overflow Exploit
Exploit for linux platform in category remote exploits =========================================================== ProFTPD 1.x module modtls Remote Buffer Overflow Exploit =========================================================== / Anti-modTLS-0day version 2 ProFTPd .. + modtls...
Mandrake Linux Security Advisory : proftpd (MDKSA-2006:217-1)
A stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier, allows remote attackers to cause a denial of service, as demonstrated by vdproftpd.pm, a 'ProFTPD remote exploit.' CVE-2006-5815 Buffer overflow in the tlsx509nameoneline function in the modtls module, as used in...
GLSA-200611-26 : ProFTPD: Remote execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200611-26 ProFTPD: Remote execution of arbitrary code Evgeny Legerov discovered a stack-based buffer overflow in the sreplace function in support.c, as well as a buffer overflow in in the modtls module. Additionally, an off-by-two...
[SECURITY] [DSA 1222-1] New proftpd packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1222-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 30th, 2006 http://www.debian.org/security/faq -...
CVE-2006-6170
Buffer overflow in the tlsx509nameoneline function in the modtls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815...
CVE-2006-6170
Buffer overflow in the tlsx509nameoneline function in the modtls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815...
CVE-2006-6170
Buffer overflow in the tlsx509nameoneline function in the modtls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815...
CVE-2006-6170
ProFTPD 1.3.0a and earlier are affected by buffer overflow vulnerabilities: CVE-2006-6170 (tls_x509_name_oneline in mod_tls) can allow remote code execution via a large data length; CVE-2006-5815 (sreplace) may also enable code execution via a crafted FTP sequence; CVE-2006-6171 relates to comman...
CVE-2006-6170
Buffer overflow in the tlsx509nameoneline function in the modtls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815...
CVE-2006-6170
Buffer overflow in the tlsx509nameoneline function in the modtls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815...
ProFTPD mod_tls预认证远程缓冲区溢出漏洞
ProFTPD是一款开放源代码FTP服务程序。 ProFTPD的模块modtls在处理用户认证时存在缓冲溢出漏洞,远程攻击者可能利用此漏洞完全控制服务器。 ProFTPD的modtls模块的tlsx509nameoneline函数中存在远程溢出漏洞,允许远程未经认证的攻击者获得root用户权限。漏洞相关的代码如下: contrib/modtls.c: """ static char tlsx509nameonelineX509NAME x509name static char buf256 = '\0'; / If we are using OpenSSL 0.9.6 or newer,...