Lucene search
GoogleOSV:DSA-2346-1HistoryNov 16, 2011 - 12:00 a.m.
proftpd-dfsg - several
2011-11-1600:00:00
Google
osv.dev
12
0.019 Low
EPSS
Percentile
88.4%
Several vulnerabilities were discovered in ProFTPD, an FTP server:
- (No CVE id)
ProFTPD incorrectly uses data from an unencrypted input buffer
after encryption has been enabled with STARTTLS, an issue
similar to
CVE-2011-0411.
- CVE-2011-4130
ProFTPD uses a response pool after freeing it under
exceptional conditions, possibly leading to remote code
execution. (The version in lenny is not affected by this
problem.)
For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.1-17lenny9.
For the stable distribution (squeeze), this problem has been fixed in
version 1.3.3a-6squeeze4.
For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 1.3.4~rc3-2.
We recommend that you upgrade your proftpd-dfsg packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| proftpd-dfsg | eq | 1.3.3a-6 | |
| proftpd-dfsg | eq | 1.3.3a-6squeeze1 |
References
Related
debian
debian
[SECURITY] [DSA 2346-1] proftpd-dfsg security update
2011-11-15 20:39:09
[SECURITY] [DSA 2233-1] postfix security update
2011-05-10 17:57:47
openvas
openvas
Debian Security Advisory DSA 2346-1 (proftpd-dfsg)
2012-02-11 00:00:00
Debian Security Advisory DSA 2346-1 (proftpd-dfsg)
2012-02-11 00:00:00
Debian: Security Advisory (DSA-2346-2)
2012-02-11 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2346-1] proftpd-dfsg security update
2011-11-21 00:00:00
ProFTPD memory corruption
2011-11-21 00:00:00
Plaintext injection in STARTTLS (multiple implementations)
2011-03-10 00:00:00
nessus
nessus
Debian DSA-2346-2 : proftpd-dfsg - several vulnerabilities
2011-11-16 00:00:00
ProFTPD < 1.3.3g / 1.3.4 Response Pool Use-After-Free Code Execution
2011-11-28 00:00:00
Oracle Solaris Third-Party Patch Update : proftpd (cve_2011_4130_use_after)
2015-01-19 00:00:00
osv
osv
proftpd-dfsg - several
2011-11-16 00:00:00
nvd
nvd
seebug
seebug
ProFTPD Prior To 1.3.3g Use-After-Free θΏη¨δ»£η ζ§θ‘ζΌζ΄
2011-12-02 00:00:00
ProFTPDεεΊζ± ιζΎειη¨δ»£η ζ§θ‘ζΌζ΄
2011-12-07 00:00:00
slackware
slackware
[slackware-security] proftpd
2012-02-10 17:44:44
fedora
fedora
[SECURITY] Fedora 16 Update: proftpd-1.3.4-1.fc16
2011-11-19 05:59:54
[SECURITY] Fedora 15 Update: proftpd-1.3.4-1.fc15
2011-11-19 06:08:44
[SECURITY] Fedora 14 Update: pure-ftpd-1.0.30-1.fc14
2011-03-31 16:59:13
prion
prion
Design/Logic Flaw
2011-12-06 11:55:00
Command injection
2011-03-16 22:55:00
Command injection
2012-11-11 13:00:00
debiancve
debiancve
cvelist
cvelist
ubuntucve
ubuntucve
cve
cve
oraclelinux
oraclelinux
postfix security update
2011-04-06 00:00:00
postfix security update
2011-04-06 00:00:00
redhat
redhat
(RHSA-2011:0423) Moderate: postfix security update
2011-04-06 00:00:00
(RHSA-2011:0422) Moderate: postfix security update
2011-04-06 00:00:00
veracode
veracode
Command Injection
2020-04-10 00:54:06
hackerone
hackerone
PortSwigger Web Security: SMTP interaction theft via MITM
2020-08-07 11:29:14
freebsd
freebsd
postfix -- plaintext command injection with SMTP over TLS
2011-03-07 00:00:00
inn -- plaintext command injection into encrypted channel
2012-08-14 00:00:00
pureftpd -- multiple vulnerabilities
2011-04-01 00:00:00
checkpoint_advisories
checkpoint_advisories
centos
centos
postfix security update
2011-04-08 12:13:18
gentoo
gentoo
Postfix: Multiple vulnerabilities
2012-06-25 00:00:00
ubuntu
ubuntu
Postfix vulnerabilities
2011-04-18 00:00:00