Lucene search
RootSSV:20226HistoryNov 03, 2010 - 12:00 a.m.
ProFTPD多个模块目录遍历和缓冲区溢出漏洞
2010-11-0300:00:00
Root
www.seebug.org
334
0.006 Low
EPSS
Percentile
77.9%
BUGTRAQ ID: 44562
CVE ID: CVE-2010-3867
ProFTPD是一款开放源代码FTP服务程序。
ProFTPD的src/netio.c文件中的pr_netio_telnet_gets()函数在处理包含有Telnet IAC转义序列的用户输入时存在栈溢出,远程攻击者可以通过向FTP或FTPS服务提交恶意输入导致执行任意代码。
此外mod_site_misc模块中存在多个输入验证错误,攻击者可以通过目录遍历攻击写入或删除任意目录、创建符号链接或更改文件时间。
ProFTPD Project ProFTPD 1.3.x
厂商补丁:
ProFTPD Project
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
cve
cve
CVE-2010-3867
2010-11-09 21:00:04
openvas
openvas
Slackware Advisory SSA:2010-305-03 proftpd
2012-09-11 00:00:00
Slackware: Security Advisory (SSA:2010-305-03)
2012-09-10 00:00:00
ProFTPD Multiple Remote Vulnerabilities
2010-11-30 00:00:00
debiancve
debiancve
CVE-2010-3867
2010-11-09 21:00:04
nessus
nessus
Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : proftpd (SSA:2010-305-03)
2010-11-02 00:00:00
ProFTPD < 1.3.3c Multiple Vulnerabilities
2010-11-10 00:00:00
Fedora 12 : proftpd-1.3.3c-1.fc12 (2010-17220)
2010-11-12 00:00:00
packetstorm
packetstorm
ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow
2010-11-05 00:00:00
prion
prion
Directory traversal
2010-11-09 21:00:00
slackware
slackware
[slackware-security] proftpd
2010-11-02 01:48:11
cvelist
cvelist
CVE-2010-3867
2010-11-09 20:00:00
nvd
nvd
CVE-2010-3867
2010-11-09 21:00:04
ubuntucve
ubuntucve
CVE-2010-3867
2010-11-09 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: proftpd-1.3.3c-1.fc13
2010-11-10 21:46:59
[SECURITY] Fedora 14 Update: proftpd-1.3.3c-1.fc14
2010-11-10 21:42:35
[SECURITY] Fedora 13 Update: proftpd-1.3.3d-1.fc13
2011-01-28 19:18:02
securityvulns
securityvulns
ProFTPD security vulnerabilities
2010-11-15 00:00:00
[ MDVSA-2010:227 ] proftpd
2010-11-15 00:00:00
osv
osv
proftpd-dfsg - several
2011-03-14 00:00:00
debian
debian
[SECURITY] [DSA 2191-1] proftpd security update
2011-03-14 18:47:59
gentoo
gentoo
ProFTPD: Multiple vulnerabilities
2013-09-24 00:00:00