MDVSA-2010:227 -- Mandriva proftpdID: oval:org.secpod.oval:def:301153 | Date: (C)2012-01-07 (M)2023-02-20 |
Class: PATCH | Family: unix |
Multiple vulnerabilities were discovered and corrected in proftpd: Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a SITE MKDIR, SITE RMDIR, SITE SYMLINK, or SITE UTIME command . Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a FTP or FTPS server . Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2010.1 |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |