ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability

SSV-ID: 24282
Published: 2011-12-02

Affected Product:

Red Hat Fedora 16
Red Hat Fedora 15
Red Hat Fedora 14
ProFTPD Project ProFTPD 1.3.3 rc2
ProFTPD Project ProFTPD 1.3.3
ProFTPD Project ProFTPD 1.3.2 rc3
ProFTPD Project ProFTPD 1.3.2 rc2
ProFTPD Project ProFTPD 1.3.2
ProFTPD Project ProFTPD 1.3.1
ProFTPD Project ProFTPD 1.3 rc3
ProFTPD Project ProFTPD 1.3 a
ProFTPD Project ProFTPD 1.3 .0rc2
ProFTPD Project ProFTPD 1.3 .0rc1
ProFTPD Project ProFTPD 1.3
ProFTPD Project ProFTPD 1.2.10
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
ProFTPD Project ProFTPD 1.2.9 rc3
ProFTPD Project ProFTPD 1.2.9 rc2
ProFTPD Project ProFTPD 1.2.9 rc1
ProFTPD Project ProFTPD 1.2.9
+ Mandriva Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
+ OpenPKG OpenPKG 1.3
+ OpenPKG OpenPKG Current
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux 8.1
+ Slackware Linux -current
ProFTPD Project ProFTPD 1.2.8 rc2
ProFTPD Project ProFTPD 1.2.8 rc1
ProFTPD Project ProFTPD 1.2.8
+ Slackware Linux 9.0
+ Slackware Linux 8.1
+ Slackware Linux -current
ProFTPD Project ProFTPD 1.2.7 rc3
ProFTPD Project ProFTPD 1.2.7 rc2
ProFTPD Project ProFTPD 1.2.7 rc1
ProFTPD Project ProFTPD 1.2.7
+ Sun Cobalt Qube 3
ProFTPD Project ProFTPD 1.2.6
ProFTPD Project ProFTPD 1.2.5 rc1
ProFTPD Project ProFTPD 1.2.5
ProFTPD Project ProFTPD 1.2.4
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
ProFTPD Project ProFTPD 1.2.3
ProFTPD Project ProFTPD 1.2.2 rc3
ProFTPD Project ProFTPD 1.2.2 rc1
ProFTPD Project ProFTPD 1.2.2
ProFTPD Project ProFTPD 1.2.1
ProFTPD Project ProFTPD 1.2 pre9
ProFTPD Project ProFTPD 1.2 pre8
ProFTPD Project ProFTPD 1.2 pre7
ProFTPD Project ProFTPD 1.2 pre6
ProFTPD Project ProFTPD 1.2 pre5
ProFTPD Project ProFTPD 1.2 pre4
ProFTPD Project ProFTPD 1.2 pre3
ProFTPD Project ProFTPD 1.2 pre2
ProFTPD Project ProFTPD 1.2 pre11
ProFTPD Project ProFTPD 1.2 pre10
ProFTPD Project ProFTPD 1.2 pre1
ProFTPD Project ProFTPD 1.2 .0rc3
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
ProFTPD Project ProFTPD 1.2 .0rc2
ProFTPD Project ProFTPD 1.2 .0rc1
ProFTPD Project ProFTPD 1.2
+ Cobalt Qube 3.0
+ Cobalt Qube 2.0
+ Cobalt RaQ 3.0
+ Cobalt RaQ 2.0
+ Cobalt RaQ 1.1
ProFTPD Project ProFTPD 1.3.3c
ProFTPD Project ProFTPD 1.3.2c
ProFTPD Project ProFTPD 1.3.2b
ProFTPD Project ProFTPD 1.3.2a
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64

Details:

CVE-2011-4130

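ProFTPD is affected by a remote code execution vulnerability that allows an attacker to execute arbitrary code. Failed attack attempts will result in a denial of service. ProFTPD versions prior to 1.3.3g are affected by this vulnerability.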

SebugSolutions:

Vendor patch:

proftpd
------
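The vendor currently provides a patch or upgrade. We recommend that users of this software keep checking the vendor's home page to obtain the latest version: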

http://proftpd.org
@Sebug.net [ 2011-12-02 ]