CVE-2010-4221 : Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow rem

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.

Published 2010-11-09 21:00:06

Updated 2011-09-15 03:18:17

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Threat overview for CVE-2010-4221

Top countries where our scanners detected CVE-2010-4221

Top open port discovered on systems with this issue 21

IPs affected by CVE-2010-4221 32,405

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2010-4221!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2010-4221

Probability of exploitation activity in the next 30 days: 96.41%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2010-4221

ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)

Disclosure Date: 2010-11-01

First seen: 2020-04-26

exploit/linux/ftp/proftp_telnet_iac

This module exploits a stack-based buffer overflow in versions of ProFTPD server between versions 1.3.2rc3 and 1.3.3b. By sending data containing a large number of Telnet IAC commands, an attacker can corrupt memory and execute arbitrary code. The Debian S

More information
ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)

Disclosure Date: 2010-11-01

First seen: 2020-04-26

exploit/freebsd/ftp/proftp_telnet_iac

This module exploits a stack-based buffer overflow in versions of ProFTPD server between versions 1.3.2rc3 and 1.3.3b. By sending data containing a large number of Telnet IAC commands, an attacker can corrupt memory and execute arbitrary code. Authors: - j

More information

CVSS scores for CVE-2010-4221

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-4221

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-4221

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050703.html

[SECURITY] Fedora 13 Update: proftpd-1.3.3c-1.fc13

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050726.html

[SECURITY] Fedora 12 Update: proftpd-1.3.3c-1.fc12

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2010:227

mandriva.com

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050687.html

[SECURITY] Fedora 14 Update: proftpd-1.3.3c-1.fc14

CVEs referencing this url
http://www.proftpd.org/docs/NEWS-1.3.3c

404 Not Found

CVEs referencing this url
http://www.vupen.com/english/advisories/2010/2941

Webmail | OVH- OVH

CVEs referencing this url
http://www.securityfocus.com/bid/44562

ProFTPD Multiple Remote Vulnerabilities
Exploit

CVEs referencing this url
http://bugs.proftpd.org/show_bug.cgi?id=3521

Bug 3521 – Telnet IAC processing stack overflow
Exploit
http://www.zerodayinitiative.com/advisories/ZDI-10-229/

ZDI-10-229 | Zero Day Initiative
http://www.vupen.com/english/advisories/2010/2962

Webmail | OVH- OVH

CVEs referencing this url
http://www.vupen.com/english/advisories/2010/2959

Webmail | OVH- OVH

CVEs referencing this url

Products affected by CVE-2010-4221

Proftpd » Proftpd » Version: 1.3.3 Update RC1
cpe:2.3:a:proftpd:proftpd:1.3.3:rc1:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update RC4
cpe:2.3:a:proftpd:proftpd:1.3.2:rc4:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2
cpe:2.3:a:proftpd:proftpd:1.3.2:*:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update C
cpe:2.3:a:proftpd:proftpd:1.3.2:c:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.3
cpe:2.3:a:proftpd:proftpd:1.3.3:*:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.3 Update A
cpe:2.3:a:proftpd:proftpd:1.3.3:a:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update A
cpe:2.3:a:proftpd:proftpd:1.3.2:a:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update B
cpe:2.3:a:proftpd:proftpd:1.3.2:b:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.3 Update RC3
cpe:2.3:a:proftpd:proftpd:1.3.3:rc3:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.3 Update RC4
cpe:2.3:a:proftpd:proftpd:1.3.3:rc4:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update RC3
cpe:2.3:a:proftpd:proftpd:1.3.2:rc3:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.3 Update RC2
cpe:2.3:a:proftpd:proftpd:1.3.3:rc2:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update D
cpe:2.3:a:proftpd:proftpd:1.3.2:d:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.2 Update E
cpe:2.3:a:proftpd:proftpd:1.3.2:e:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd » Version: 1.3.3 Update B
cpe:2.3:a:proftpd:proftpd:1.3.3:b:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-4221