‘ProFTPD Response Pool Use-After-Free Code Execution Vulnerability’

Published on January 31st, 2012
Summary

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ProFTPd server.’

Credit:

‘The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-11-328/


Details

Vulnerable Systems:
 * ProFTPD FTP Server

Authentication is required to exploit this vulnerability in order to have access to the ftp command set.

The specific flaw exists within how the server manages the response pool that is used to send responses from the server to the client. When handling an exceptional condition the application will fail to restore the original response pointer which will allow there to be more than one reference to the response pointer. The next time it is used, a memory corruption can be made to occur which can allow for code execution under the context of the application.

Patch Availability:
ProFTPD has issued an update to correct this vulnerability. More details can be found at:
http://bugs.proftpd.org/show_bug.cgi?id=3711

CVE Information:
CVE-2011-3161

Disclosure Timeline:
2011-10-28 – Vulnerability reported to vendor
2011-11-11 – Coordinated public release of advisory’

Categories: UNIX
Tags:

Related Posts

UNIX

‘Insight Control for Linux Multiple Vulnerabilities’

'Remote unauthorized elevation of privilege, execution of arbitrary code, encryption downgrade, information disclosure and Denial of Service (DoS) vulnerabilities were identified in Insight Control for Linux.'

UNIX

‘HP-UX Running NFS/ONCplus Denial of Service Vulnerability’

'A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX.'

UNIX

‘HP-UX Running BIND Denial of Service Vulnerability 2011’

'A potential security vulnerability has been identified with HP-UX running BIND.'