CVE-2011-4130
Published: 6 December 2011
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
Notes
| Author | Note |
|---|---|
| jdstrand | 1.3.1 is known not to be affected (see DSA-2346-1) DSA-2346-1 introduced a regression code not affected in 11.10 per udienz |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
proftpd-dfsg Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
(1.3.4~rc3-2)
|
|
| quantal |
Not vulnerable
(1.3.4~rc3-2)
|
|
| raring |
Not vulnerable
(1.3.4~rc3-2)
|
|
| saucy |
Not vulnerable
(1.3.4~rc3-2)
|
|
| upstream |
Released
(1.3.4~rc3-2)
|
|
|
Patches: vendor: http://lists.debian.org/debian-security-announce/2011/msg00223.html vendor: http://lists.debian.org/debian-security-announce/2011/msg00224.html |
||