Date:      Wed, 10 Nov 2010 17:50:10 GMT
From:      Tom Judge <tom@tomjudge.com>
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   Re: misc/152100: found an exploit on freebsd, "known to work" , in an infected (linux) machine
Message-ID:  <201011101750.oAAHoAeU059506@freefall.freebsd.org>

The following reply was made to PR ports/152100; it has been noted by GNATS.

From: Tom Judge <tom@tomjudge.com>
To: Michel van Gruijthuijsen <mistige@gmail.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/152100: found an exploit on freebsd, "known to work" ,	in
 an infected (linux) machine
Date: Wed, 10 Nov 2010 11:48:44 -0600

 This is a multi-part message in MIME format.
 --------------070004060805040004020007
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 
 Sorry that should have been:
 
 http://www.zerodayinitiative.com/advisories/ZDI-10-229/
 
 Not the aforementioned CVE.
 
 Attached is a vuxml entry for this.
 
 
 Tom
 
 -- 
 TJU13-ARIN
 
 --------------070004060805040004020007
 Content-Type: text/plain;
  name="vuln.txt"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
  filename="vuln.txt"
 
   <vuln vid="aa9bf1e5-eced-11df-a00a-000c29d1636d">
     <topic>ProFTPD TELNET_IAC Remote Code Execution Vulnerability</topic>
     <affects>
       <package>
 	<name>proftpd</name>
 	<name>proftpd-devel</name>
 	<name>proftpd-mysql</name>
 	<range>
 	  <lt>1.3.3c</lt>
 	</range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Anonymous reports:</p>
 	<blockquote cite="http://www.zerodayinitiative.com/advisories/ZDI-10-229/">
 	  <p>This vulnerability allows remote attackers to execute arbitrary code on
 	    vulnerable installations of ProFTPD. Authentication is not required to exploit
 	    this vulnerability.</p>
 	  <p>The flaw exists within the proftpd server component which listens by default on
 	    TCP port 21. When reading user input if a TELNET_IAC escape sequence is
 	    encountered the process miscalculates a buffer length counter value allowing a
 	    user controlled copy of data to a stack buffer. A remote attacker can exploit
 	    this vulnerability to execute arbitrary code under the context of the proftpd
 	    process.</p>
 	</blockquote>
       </body>
     </description>
     <references>
       <freebsdpr>ports/152100</freebsdpr>
       <url>http://www.zerodayinitiative.com/advisories/ZDI-10-229/</url>
     </references>
     <dates>
       <discovery>2010-09-24</discovery>
       <entry>2010-11-10</entry>
     </dates>
   </vuln>
 
 
 --------------070004060805040004020007--


