Two vulnerabilities have been reported in ProFTPD, which can be exploited by malicious users to manipulate certain data and malicious people to compromise a vulnerable system.

1) A logic error within the "pr_netio_telnet_gets()" function in src/netio.c when processing user input containing the Telnet IAC (Interpret As Command) escape sequence can be exploited to cause a stack-based buffer overflow by sending specially crafted input to the FTP or FTPS service. Successful exploitation may allow execution of arbitrary code.

2) An input validation error within the "mod_site_misc" module can be exploited to e.g. create and delete directories, create symlinks, and change the time of files located outside a writable directory. Successful exploitation requires that ProFTPD is compiled with the "mod_site_misc" module and the attacker has write access to a directory.

Fixed in 1.3.3c

I'll send it by tomorrow.

P.S. Damn, I did check!

proftpd-1.3.3rel-alt2 -> sisyphus:

* Thu Nov 04 2010 Afanasov Dmitry <ender@altlinux> 1.3.3rel-alt2
- 1.3.3c stable release (closes: #24471)