1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
Candidate: CVE-2011-4130
PublicDate: 2011-12-06
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
Description:
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g
allows remote authenticated users to execute arbitrary code via vectors
involving an error that occurs after an FTP data transfer.
Ubuntu-Description:
Notes:
jdstrand> 1.3.1 is known not to be affected (see DSA-2346-1)
jdstrand> DSA-2346-1 introduced a regression
jdstrand> code not affected in 11.10 per udienz
Bugs:
Priority: medium
Discovered-by:
Assigned-to: udienz
Patches_proftpd-dfsg:
vendor: http://lists.debian.org/debian-security-announce/2011/msg00223.html
vendor: http://lists.debian.org/debian-security-announce/2011/msg00224.html
upstream_proftpd-dfsg: released (1.3.4~rc3-2)
hardy_proftpd-dfsg: not-affected
lucid_proftpd-dfsg: ignored (reached end-of-life)
maverick_proftpd-dfsg: ignored (reached end-of-life)
natty_proftpd-dfsg: ignored (reached end-of-life)
oneiric_proftpd-dfsg: not-affected
precise_proftpd-dfsg: not-affected (1.3.4~rc3-2)
quantal_proftpd-dfsg: not-affected (1.3.4~rc3-2)
raring_proftpd-dfsg: not-affected (1.3.4~rc3-2)
saucy_proftpd-dfsg: not-affected (1.3.4~rc3-2)
devel_proftpd-dfsg: not-affected (1.3.4~rc3-2)
|