Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-4221

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.

Related bugs and status

CVE-2010-4221 (Candidate) is related to these bugs:

Bug #674646: Telnet IAC processing stack overflow

Summary				In	Importance	Status
	674646	Telnet IAC processing stack overflow		proftpd-dfsg (Ubuntu)	Undecided	Fix Released

Bug #674798: Backport proftpd security fixes

Summary				In	Importance	Status
	674798	Backport proftpd security fixes		proftpd-dfsg (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.zerodayinit...
CONFIRM: http://bugs.proftpd.or...
CONFIRM: http://www.proftpd.org...
BID: 44562
SECUNIA: 42052
FEDORA: FEDORA-2010-17091
FEDORA: FEDORA-2010-17098
FEDORA: FEDORA-2010-17220
MANDRIVA: MDVSA-2010:227
SECUNIA: 42217
VUPEN: ADV-2010-2941
VUPEN: ADV-2010-2959
VUPEN: ADV-2010-2962