proftpd
Page content
- Author: voroskoi
- Vulnerable: 1.3.0-3siwenna1
- Unaffected: 1.3.0-4siwenna1
Evgeny Legerov has reported a vulnerability in the mod_tls module for ProFTPD, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the “tls_x509_name_oneline()” function in contrib/mod_tls.c. This can be exploited to cause a buffer overflow by sending specially crafted data to a server. Successful exploitation may allow execution of arbitrary code, but requires that ProFTPD uses the mod_tls module.
- Bug Tracker URL: http://bugs.frugalware.org/task/1499