Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.0
CVE Id: CVE-2011-4130
Last Modified: 08 Dec 2011 12:00:00
Published: 06 Dec 2011 06:55:06
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2011-4130

Summary

Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.

Vulnerable Systems

Application

  • Proftpd 1.2.0
  • Proftpd 1.2.1
  • Proftpd 1.2.10
  • Proftpd 1.2.2
  • Proftpd 1.2.3
  • Proftpd 1.2.4
  • Proftpd 1.2.5
  • Proftpd 1.2.6
  • Proftpd 1.2.7
  • Proftpd 1.2.8
  • Proftpd 1.2.9
  • Proftpd 1.3.0
  • Proftpd 1.3.1
  • Proftpd 1.3.2
  • Proftpd 1.3.3


References

CONFIRM - http://bugs.proftpd.org/show_bug.cgi?id=3711

MISC - http://www.zerodayinitiative.com/advisories/ZDI-11-328/

BID - 50631

CONFIRM - http://www.proftpd.org/docs/NEWS-1.3.3g


Last Updated: 27 May 2016 10:57:48