CVE-2011-4130 in lucid, maverick, natty
Bug #905252 reported by Mahyuddin Susanto
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
proftpd-dfsg (Ubuntu) | Fix Released | Undecided | Unassigned |
Lucid | Won't Fix | Medium | Unassigned |
Maverick | Won't Fix | Medium | Unassigned |
Natty | Won't Fix | Medium | Unassigned |
Oneiric | Won't Fix | Undecided | Unassigned |
Precise | Fix Released | Undecided | Unassigned |
Bug Description
Description
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g
allows remote authenticated users to execute arbitrary code via vectors
involving an error that occurs after an FTP data transfer.
References
- http://
- http://
- https:/
- http://
Affected:
- Lucid
- Maverick
- Natty
Oneiric is not affected because we have 1.3.4~rc2-4 in the archive
Changed in proftpd-dfsg (Ubuntu):
assignee: nobody → Mahyuddin Susanto (udienz)
status: New → In Progress
visibility: private → public
summary:
- CVE-2011-4130
+ CVE-2011-4130 in lucid, maverick, natty
Changed in proftpd-dfsg (Ubuntu Maverick):
status: Incomplete → In Progress
Changed in proftpd-dfsg (Ubuntu Lucid):
status: Incomplete → In Progress
Changed in proftpd-dfsg (Ubuntu Oneiric):
status: Incomplete → In Progress
Changed in proftpd-dfsg (Ubuntu Natty):
status: Incomplete → In Progress
Changed in proftpd-dfsg (Ubuntu Maverick):
assignee: Mahyuddin Susanto (udienz) → nobody
Changed in proftpd-dfsg (Ubuntu Natty):
assignee: Mahyuddin Susanto (udienz) → nobody
Changed in proftpd-dfsg (Ubuntu Oneiric):
assignee: Mahyuddin Susanto (udienz) → nobody
Changed in proftpd-dfsg (Ubuntu Lucid):
assignee: Mahyuddin Susanto (udienz) → nobody
Debdiff for Natty; according to DSA-2346-1 this is only for CVE-2011-4130 because the mod_tls buffer bug has been applied in debian/patches/3624.