Skip to main content

ProFTPD Response Pool Use-After-Free Vulnerability

Last Update Date: 14 Nov 2011 Release Date: 11 Nov 2011 5906 Views

RISK: Medium Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

A vulnerability has been identified in ProFTPD, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a use-after-free error when handling response pool allocation lists and can be exploited to corrupt memory.

Successful exploitation may allow execution of arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • ProFTPD 1.3.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 1.3.3g or 1.3.4.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link