Check Point Advisories

Preemptive Protection against ProFTPD FTP Server TELNET_AIC Stack Buffer Overflow

Check Point Reference: CPAI-2010-172
Date Published: 10 Dec 2010
Severity: Critical
Last Updated: Friday 01 January, 2010
Source: Secunia Advisory SA42052
Industry Reference: CVE-2010-4221

Protection Provided by:
Who is Vulnerable?: ProFTPD Project ProFTPD prior to 1.3.3.c
Vulnerability Description: A buffer overflow vulnerability was reported in ProFTPD FTP Server, a full-featured File Transfer Protocol (FTP) server mainly used in Linux distributions. The vulnerability is due to insufficient validation of user input. Remote attackers could exploit this vulnerability by sending a crafted FTP command to the target server. If successful, the attacker could execute arbitrary code with the privileges of the user.
Update/Patch Available: ProFTPD has released an advisory to address this vulnerability.
Vulnerability Details: A stack buffer overflow vulnerability exists in ProFTPD FTP Server. The vulnerability is due to the way boundary checks are implemented when processing Telnet escape sequences (IAC) while parsing FTP commands.
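Added illustration (not ProFTPD's code or its patch, and not part of the original advisory): a bounded reader for one FTP control line that decodes Telnet IAC sequences and applies the same boundary check to every stored byte. The function name, buffer sizes and sample inputs are assumptions constructed for this example.

```c
#include <stddef.h>
#include <string.h>
#define TELNET_IAC  255u
#define TELNET_WILL 251u   /* WILL, WONT, DO, DONT are 251..254, each followed by one option byte */
#define TELNET_DONT 254u

/* Decode one control line from in[] into out[] (NUL-terminated, CRLF stripped). Returns the
 * decoded length, or -1 if unterminated, cut off inside an escape, or too long for out_size. */
long ftp_line_decode(const unsigned char *in, size_t in_len, char *out, size_t out_size)
{
    size_t w = 0;
    if (out == NULL || out_size == 0) return -1;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = in[i];
        if (c == TELNET_IAC) {
            if (i + 1 >= in_len) return -1;          /* truncated escape */
            unsigned char cmd = in[++i];
            if (cmd >= TELNET_WILL && cmd <= TELNET_DONT) {
                if (i + 1 >= in_len) return -1;
                i++;                                  /* drop the option byte */
                continue;
            }
            if (cmd != TELNET_IAC) continue;         /* other two-byte command: drop */
            /* IAC IAC: c stays 0xFF and is stored as data below */
        } else if (c == '\n') {
            if (w > 0 && out[w - 1] == '\r') w--;
            out[w] = '\0';
            return (long)w;
        }
        /* Single bound check in front of the only store, so the escaped-byte
         * path cannot skip it; one slot is always kept for the NUL. */
        if (w + 1 >= out_size) return -1;
        out[w++] = (char)c;
    }
    return -1;                                        /* no line terminator seen */
}

/* Constructed sample inputs (not captured traffic). */
static const unsigned char SAMPLE_PLAIN[] = "USER demo\r\n";
static const unsigned char SAMPLE_ESCAPED[] = { 'A', 255, 255, 'B', 255, 251, 1, 'C', '\n' };
static const unsigned char SAMPLE_LONG[] = { 255,255, 255,255, 255,255, 255,255,
                                             255,255, 255,255, 255,255, 255,255, '\n' };
static struct { char buf[8]; char canary; } tight = { {0}, 0x5A };
static char line[64];
int main(void)
{
    long n = ftp_line_decode(SAMPLE_LONG, sizeof SAMPLE_LONG, tight.buf, sizeof tight.buf);
    return (n == -1 && tight.canary == 0x5A) ? 0 : 1;   /* rejected, neighbour untouched */
}
```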

Protection Overview
