Use-After-Free Vulnerability in ProFTPD by ProFTPD Project
CVE-2011-4130

Currently unrated

Key Information:

Vendor: Proftpd
Status: Proftpd
Vendor: CVE Published:; 6 December 2011

What is CVE-2011-4130?

The use-after-free vulnerability in the Response API of ProFTPD versions prior to 1.3.3g enables remote authenticated users to execute arbitrary code. This flaw arises from mishandling an error that occurs after an FTP data transfer, potentially allowing an attacker to exploit the system and gain unauthorized access to critical resources.

References

http://bugs.proftpd.org/show_bug.cgi?id=3711

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-11-328/

x_refsource_MISC

http://www.proftpd.org/docs/NEWS-1.3.3g

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 6, 2011
Vulnerability Reserved
Oct 18, 2011

JSON

Proftpd

What is CVE-2011-4130?

References

Timeline