ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability Network Vulnerability

Summary

ProFTPD is prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition. ProFTPD prior to 1.3.3g are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://bugs.proftpd.org/show_bug.cgi?id=3711
http://www.proftpd.org
http://www.securityfocus.com/bid/50631
http://www.zerodayinitiative.com/advisories/ZDI-11-328/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4130
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

3D FTP Client Directory Traversal Vulnerability
Multiple WarFTPd DoS
wu-ftpd S/KEY authentication overflow
PCMan's FTP Server Multiple Vulnerabilities
SmartFTP Filename Processing Unspecified Vulnerability

Take action and discover your vulnerabilities