CVE-2010-4221

Published: 09 November 2010

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.

Priority

High

Status

Package Release Status
proftpd
Launchpad, Ubuntu, Debian
Upstream
Released (1.3.3c)
proftpd-dfsg
Launchpad, Ubuntu, Debian
Upstream
Released (1.3.3c)