Candidate: CVE-2011-4130
PublicDate: 2011-12-06 11:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
Description:
 Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g
 allows remote authenticated users to execute arbitrary code via vectors
 involving an error that occurs after an FTP data transfer.
Ubuntu-Description:
Notes:
 jdstrand> 1.3.1 is known not to be affected (see DSA-2346-1)
 jdstrand> DSA-2346-1 introduced a regression
 jdstrand> code not affected in 11.10 per udienz
Bugs:
Priority: medium
Discovered-by:
Assigned-to: udienz
CVSS:

Patches_proftpd-dfsg:
 vendor: http://lists.debian.org/debian-security-announce/2011/msg00223.html
 vendor: http://lists.debian.org/debian-security-announce/2011/msg00224.html
upstream_proftpd-dfsg: released (1.3.4~rc3-2)
hardy_proftpd-dfsg: not-affected
lucid_proftpd-dfsg: ignored (reached end-of-life)
maverick_proftpd-dfsg: ignored (reached end-of-life)
natty_proftpd-dfsg: ignored (reached end-of-life)
oneiric_proftpd-dfsg: not-affected
precise_proftpd-dfsg: not-affected (1.3.4~rc3-2)
quantal_proftpd-dfsg: not-affected (1.3.4~rc3-2)
raring_proftpd-dfsg: not-affected (1.3.4~rc3-2)
saucy_proftpd-dfsg: not-affected (1.3.4~rc3-2)
devel_proftpd-dfsg: not-affected (1.3.4~rc3-2)