The Zero Day Initiative in ProFTPD closed. The Project developers have released versions 1.3.3g and 1.3.4 of their open source FTP server. Previously ProFTPD 1.3.4 addresses a critical use-after-free memory corruption error in the response API code. In the official release note The ProFTPD Project developers has confirmed that Telnet IAC stack overflow vulnerability has been fixed.
Brief About The Vulnerability:-
This vulnerability is located within the ProFTPd daemon and occurs due to the way the server manages pools that are used for responses send by the server to the client. When attempting to handle an exceptional condition the server will fail to restore a pointer that is used to contain an ftp response, and as such can be used to trigger a controlled memory corruption.
The core of this vulnerability is described in the following function which is located in src/main.c. The r_cmd_dispatch_phase function is responsible for dispatching calls to any of the commands that are registered in the proftpd modules/ list. Upon entry of this function, the server essentially pushes the state of the resp_pool for it to be restored upon return. However, if an error occurs while executing a precmd the server will fail to restore the state. These are done with the pr_response_get_pool() and pr_response_set_pool(...)
functions.
Now the new Versions of ProFTPD, I mean 1.3.3g and 1.3.4 of ProFTPD are available.
To download them click Here
Posts
