oss-sec mailing list archives

Re: Proftpd pre-authentication buffer overflow in Telnet code

From: Josh Bressers <bressers () redhat com>
Date: Mon, 1 Nov 2010 16:55:31 -0400 (EDT)


----- "Florian Weimer" <fw () deneb enyo de> wrote:

I haven't seen a CVE/patch/discussion for this issue yet:

| 1.3.3c
| ---------
| 
|   + Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)

<http://proftpd.org/docs/RELEASE_NOTES-1.3.3c>


I'm not assigning this an ID at this time. We'll see if it already has one.


This:

|  + Fixed directory traversal bug in mod_site_misc

is <http://bugs.proftpd.org/show_bug.cgi?id=3519> and also seems to
lack a CVE assignment.


Use CVE-2010-3867


I don't know yet if the following is a security fix:

|  + Fixed SQLite authentications using "SQLAuthType Backend"


Even if it is, I have no idea what sort of flaw this would be. Does anyone
else know?

Thanks.

-- 
    JB

Current thread:

Proftpd pre-authentication buffer overflow in Telnet code Florian Weimer (Nov 01)
- Re: Proftpd pre-authentication buffer overflow in Telnet code Josh Bressers (Nov 01)