CVE-2010-3867

Published: 09 November 2010

Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.

Priority

Medium

Status

Package Release Status
proftpd
Launchpad, Ubuntu, Debian
Upstream
Released (1.3.3c)
Patches:
upstream: http://bugs.proftpd.org/attachment.cgi?id=3432
proftpd-dfsg
Launchpad, Ubuntu, Debian
Upstream
Released (1.3.3c)
Patches:
upstream: http://bugs.proftpd.org/attachment.cgi?id=3432