The Zero Day Initiative vulnerability in ProFTPD has been closed. The project's developers have released versions 1.3.3g and 1.3.4 of their open source FTP server. ProFTPD 1.3.4 addresses a critical use-after-free memory corruption error in the response API code. In the official release notes, the ProFTPD Project developers have confirmed that the Telnet IAC stack overflow vulnerability has been fixed.
Brief About the Vulnerability:
This vulnerability is located within the ProFTPD daemon and stems from the way the server manages the pools used for responses sent by the server to the client. When handling an exceptional condition, the server fails to restore a pointer that holds an FTP response, and this can be used to trigger a controlled memory corruption.
The core of this vulnerability lies in the following function, which is located in src/main.c. The pr_cmd_dispatch_phase function is responsible for dispatching calls to any of the commands that are registered in the ProFTPD modules/ list. Upon entry to this function, the server essentially pushes the state of the resp_pool so that it can be restored upon return. However, if an error occurs while executing a precmd, the server fails to restore the state. The save and restore are done with the pr_response_get_pool() and pr_response_set_pool(...) functions.
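The save/restore pattern described above, as a minimal C model added here (it is not ProFTPD's source or its patch): `pool`, `dispatch_flawed`, `dispatch_fixed`, the `precmd_*` handlers and the accessors without the `pr_` prefix are hypothetical stand-ins. It shows how an early return on a pre-command error leaves the response pool pointer aimed at a per-command pool, next to a single-exit form that always restores it.

```c
#include <stdio.h>

/* Hypothetical stand-ins for this sketch; not ProFTPD's types or functions. */
typedef struct pool { const char *tag; } pool;
static pool *resp_pool;                 /* models the global response pool pointer */
static pool *response_get_pool(void)    { return resp_pool; }
static void  response_set_pool(pool *p) { resp_pool = p; }

typedef int (*precmd_fn)(void);         /* pre-command handler, <0 means error */
static int precmd_ok(void)   { return 0; }
static int precmd_fail(void) { return -1; }

/* Flawed pattern: the early return on a handler error skips the restore. */
static int dispatch_flawed(pool *cmd_pool, precmd_fn pre) {
    pool *saved = response_get_pool();  /* "push" the current state */
    response_set_pool(cmd_pool);
    if (pre() < 0)
        return -1;                      /* resp_pool still points at cmd_pool */
    response_set_pool(saved);
    return 0;
}

/* Hardened pattern: one exit path, so the saved pointer is always restored. */
static int dispatch_fixed(pool *cmd_pool, precmd_fn pre) {
    pool *saved = response_get_pool();
    int rc = 0;
    response_set_pool(cmd_pool);
    if (pre() < 0)
        rc = -1;
    response_set_pool(saved);
    return rc;
}

/* Returns 1 if dispatch left resp_pool aimed at the per-command pool, which
 * the caller is about to release. Pointers are compared, never dereferenced. */
static int leaves_stale_pointer(int (*dispatch)(pool *, precmd_fn), precmd_fn pre) {
    pool session = { "session" }, cmd = { "per-command" };
    response_set_pool(&session);
    dispatch(&cmd, pre);
    int stale = (response_get_pool() == &cmd);
    response_set_pool(NULL);            /* do not keep addresses of locals */
    return stale;
}

int main(void) {
    printf("flawed, precmd error: stale=%d\n", leaves_stale_pointer(dispatch_flawed, precmd_fail));
    printf("fixed,  precmd error: stale=%d\n", leaves_stale_pointer(dispatch_fixed, precmd_fail));
    return 0;
}
```

When reviewing similar code, look for any function that swaps a global or session-wide pointer on entry and has more than one return path.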
The new versions of ProFTPD, 1.3.3g and 1.3.4, are now available for download.