Body Background
TrendAI™ Zero Day Initiative™ Logo

ProFTPD Response Pool Use-After-Free Remote Code Execution Vulnerability

November 11th, 2011
ZDI-11-328 ZDI-CAN-1420

CVE ID

CVSS Score

9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Affected Vendors

ProFTPD

Affected Products

FTP Server

Vulnerability Details


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ProFTPd server. Authentication is required to exploit this vulnerability in order to have access to the ftp command set.

The specific flaw exists within how the server manages the response pool that is used to send responses from the server to the client. When handling an exceptional condition the application will fail to restore the original response pointer which will allow there to be more than one reference to the response pointer. The next time it is used, a memory corruption can be made to occur which can allow for code execution under the context of the application.

Additional Details

ProFTPD has issued an update to correct this vulnerability. More details can be found at:
http://bugs.proftpd.org/show_bug.cgi?id=3711

Disclosure Timeline

  • 2011-10-28 - Vulnerability reported to vendor
  • 2011-11-11 - Coordinated public release of advisory

Credit

Anonymous

Back to Advisories

Hero Background

Stand at the front line of proactive security

Trend ZDI connects the experts who discover, remediate, and defend.
Add your voice to the work that pushes attackers back.

RESEARCHERS

Submit a vulnerability

VENDORS

Learn how it works

ORGANIZATIONS

See how you're protected