Integer Overflow Vulnerability in ProFTPD's SFTP Module Impacting Remote Servers
CVE-2011-1137

Currently unrated

Key Information:

Vendor

Proftpd

Status
Proftpd
Vendor
CVE Published:
11 March 2011

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2011-1137?

An integer overflow vulnerability exists in the SFTP module of ProFTPD versions prior to 1.3.3d. This flaw enables remote attackers to exploit a malformed SSH message, potentially resulting in excessive memory consumption. Successfully leveraging this vulnerability can lead to severe impacts, including denial of service attacks where the server may become unresponsive or suffer from an out-of-memory (OOM) condition.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2011-1137 - Proof of Concept

References

http://slackware.com/security/viewer.php?l=slackware-secu...
vendor-advisoryx_refsource_SLACKWARE
http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/c...
x_refsource_CONFIRM
http://www.exploit-db.com/exploits/16129/
exploitx_refsource_EXPLOIT-DB

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.