CVE-2010-4221 : Multiple stack-based buffer overflows in the pr_netio_telnet

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.

Published 2010-11-09 21:00:06

Updated 2011-09-15 03:18:17

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2010-4221

Proftpd » Proftpd » Version: 1.3.3 Update RC1
cpe:2.3:a:proftpd:proftpd:1.3.3:rc1:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update RC4
cpe:2.3:a:proftpd:proftpd:1.3.2:rc4:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2
cpe:2.3:a:proftpd:proftpd:1.3.2:*:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update C
cpe:2.3:a:proftpd:proftpd:1.3.2:c:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.3
cpe:2.3:a:proftpd:proftpd:1.3.3:*:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.3 Update A
cpe:2.3:a:proftpd:proftpd:1.3.3:a:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update A
cpe:2.3:a:proftpd:proftpd:1.3.2:a:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update B
cpe:2.3:a:proftpd:proftpd:1.3.2:b:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.3 Update RC3
cpe:2.3:a:proftpd:proftpd:1.3.3:rc3:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.3 Update RC4
cpe:2.3:a:proftpd:proftpd:1.3.3:rc4:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update RC3
cpe:2.3:a:proftpd:proftpd:1.3.2:rc3:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.3 Update RC2
cpe:2.3:a:proftpd:proftpd:1.3.3:rc2:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update D
cpe:2.3:a:proftpd:proftpd:1.3.2:d:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update E
cpe:2.3:a:proftpd:proftpd:1.3.2:e:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.3 Update B
cpe:2.3:a:proftpd:proftpd:1.3.3:b:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2010-4221

Top countries where our scanners detected CVE-2010-4221

Top open port discovered on systems with this issue 21

IPs affected by CVE-2010-4221 32,405

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2010-4221!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2010-4221

EPSS FAQ

92.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2010-4221

ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)

Disclosure Date: 2010-11-01

First seen: 2020-04-26

exploit/linux/ftp/proftp_telnet_iac

This module exploits a stack-based buffer overflow in versions of ProFTPD server between versions 1.3.2rc3 and 1.3.3b. By sending data containing a large number of Telnet IAC commands, an attacker can corrupt memory and execute arbitrary code. The Debian S

More information
ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)

Disclosure Date: 2010-11-01

First seen: 2020-04-26

exploit/freebsd/ftp/proftp_telnet_iac

This module exploits a stack-based buffer overflow in versions of ProFTPD server between versions 1.3.2rc3 and 1.3.3b. By sending data containing a large number of Telnet IAC commands, an attacker can corrupt memory and execute arbitrary code. Authors: - j

More information

CVSS scores for CVE-2010-4221

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-4221

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-4221

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050703.html

[SECURITY] Fedora 13 Update: proftpd-1.3.3c-1.fc13

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050726.html

[SECURITY] Fedora 12 Update: proftpd-1.3.3c-1.fc12

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2010:227

mandriva.com

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050687.html

[SECURITY] Fedora 14 Update: proftpd-1.3.3c-1.fc14

CVEs referencing this url
http://www.proftpd.org/docs/NEWS-1.3.3c

404 Not Found

CVEs referencing this url
http://www.vupen.com/english/advisories/2010/2941

Webmail | OVH- OVH

CVEs referencing this url
http://www.securityfocus.com/bid/44562

ProFTPD Multiple Remote Vulnerabilities
Exploit

CVEs referencing this url
http://bugs.proftpd.org/show_bug.cgi?id=3521

Bug 3521 – Telnet IAC processing stack overflow
Exploit
http://www.zerodayinitiative.com/advisories/ZDI-10-229/

ZDI-10-229 | Zero Day Initiative
http://www.vupen.com/english/advisories/2010/2962

Webmail | OVH- OVH

CVEs referencing this url
http://www.vupen.com/english/advisories/2010/2959

Webmail | OVH- OVH

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2010-4221