oss-sec mailing list archives

Proftpd pre-authentication buffer overflow in Telnet code

From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 01 Nov 2010 21:34:24 +0100

I haven't seen a CVE/patch/discussion for this issue yet:

| 1.3.3c
| ---------
| 
|   + Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)

<http://proftpd.org/docs/RELEASE_NOTES-1.3.3c>

This:

|  + Fixed directory traversal bug in mod_site_misc

is <http://bugs.proftpd.org/show_bug.cgi?id=3519> and also seems to
lack a CVE assignment.

I don't know yet if the following is a security fix:

|  + Fixed SQLite authentications using "SQLAuthType Backend"

Current thread:

Proftpd pre-authentication buffer overflow in Telnet code Florian Weimer (Nov 01)
- Re: Proftpd pre-authentication buffer overflow in Telnet code Josh Bressers (Nov 01)