CVE-2011-4130 - Resource Management Errors vulnerability in Proftpd

CVSS 9.0 - CRITICAL

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: SINGLE
  • Confidentiality impact: COMPLETE
  • Integrity impact: COMPLETE
  • Availability impact: COMPLETE

Tags: network, low complexity, proftpd, CWE-399, critical, nessus

Summary

Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2011-181.NASL
    description: A vulnerability was discovered and fixed in proftpd : Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer (CVE-2011-4130). The updated packages have been upgraded to the latest version 1.3.3g which is not vulnerable to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57046
    published: 2011-12-08
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/57046
    title: Mandriva Linux Security Advisory : proftpd (MDVSA-2011:181)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS11_PROFTPD_20120119.NASL
    description: The remote Solaris system is missing necessary patches to address security updates : - Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer. (CVE-2011-4130)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80742
    published: 2015-01-19
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80742
    title: Oracle Solaris Third-Party Patch Update : proftpd (cve_2011_4130_use_after)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2012-041-04.NASL
    description: New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57895
    published: 2012-02-13
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/57895
    title: Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : proftpd (SSA:2012-041-04)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201309-15.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201309-15 (ProFTPD: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ProFTPD. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could possibly execute arbitrary code with the privileges of the process, perform man-in-the-middle attacks to spoof arbitrary SSL servers, cause a Denial of Service condition, or read and modify arbitrary files. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70111
    published: 2013-09-25
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/70111
    title: GLSA-201309-15 : ProFTPD: Multiple vulnerabilities
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2346.NASL
    description: Several vulnerabilities were discovered in ProFTPD, an FTP server : - (No CVE id) ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS, an issue similar to CVE-2011-0411. - CVE-2011-4130 ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution. (The version in lenny is not affected by this problem.)
    last seen: 2020-03-17
    modified: 2011-11-16
    plugin id: 56850
    published: 2011-11-16
    reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/56850
    title: Debian DSA-2346-2 : proftpd-dfsg - several vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2011-19.NASL
    description: Vulnerabilities were discovered for the proftpd packages in openSUSE version 12.1.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74521
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/74521
    title: openSUSE Security Update : proftpd (openSUSE-2011-19)
  • NASL family: FTP
    NASL id: PROFTPD_1_3_3G.NASL
    description: The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is earlier than 1.3.3g or 1.3.4. As such, it is potentially affected by a code execution vulnerability due to how the server manages the response pool that is used to send responses from the server to the client. A remote, authenticated attacker could leverage this issue to execute arbitrary code on the remote host, subject to the privileges of the user running the affected application. Note that Nessus did not actually test for the flaw but instead has relied on the version in ProFTPD
    last seen: 2020-03-28
    modified: 2011-11-28
    plugin id: 56956
    published: 2011-11-28
    reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/56956
    title: ProFTPD < 1.3.3g / 1.3.4 Response Pool Use-After-Free Code Execution
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-15741.NASL
    description: This update, to the current (and final) release for the 1.3.3 maintenance branch, includes a pair of security fixes : - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (upstream bug 3704); to disable this countermeasure, which may cause interoperability issues with some clients, use the NoEmptyFragments TLSOption - Response pool use-after-free memory corruption error (upstream bug 3711, #752812, ZDI-CAN-1420), in which a remote attacker could provide a specially crafted request (resulting in a need for the server to handle an exceptional condition), leading to memory corruption and potentially arbitrary code execution, with the privileges of the user running the proftpd server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56895
    published: 2011-11-22
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/56895
    title: Fedora 14 : proftpd-1.3.3g-1.fc14 (2011-15741)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-15765.NASL
    description: This update, to the current upstream stable release, includes a pair of security fixes : - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (upstream bug 3704); to disable this countermeasure, which may cause interoperability issues with some clients, use the NoEmptyFragments TLSOption - Response pool use-after-free memory corruption error (upstream bug 3711, #752812, ZDI-CAN-1420, CVE-2011-4130), in which a remote attacker could provide a specially crafted request (resulting in a need for the server to handle an exceptional condition), leading to memory corruption and potentially arbitrary code execution, with the privileges of the user running the proftpd server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56896
    published: 2011-11-22
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/56896
    title: Fedora 16 : proftpd-1.3.4-1.fc16 (2011-15765)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-15740.NASL
    description: This update, to the current upstream stable release, includes a pair of security fixes : - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (upstream bug 3704); to disable this countermeasure, which may cause interoperability issues with some clients, use the NoEmptyFragments TLSOption - Response pool use-after-free memory corruption error (upstream bug 3711, #752812, ZDI-CAN-1420, CVE-2011-4130), in which a remote attacker could provide a specially crafted request (resulting in a need for the server to handle an exceptional condition), leading to memory corruption and potentially arbitrary code execution, with the privileges of the user running the proftpd server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56894
    published: 2011-11-22
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/56894
    title: Fedora 15 : proftpd-1.3.4-1.fc15 (2011-15740)

Seebug

  • bulletinFamily: exploit
    description: CVE-2011-4130 in ProFTPD is a remote code execution vulnerability that allows an attacker to execute arbitrary code. Failed attack attempts will result in a denial of service. ProFTPD versions before 1.3.3g are affected by this vulnerability. Red Hat Fedora 16 Red Hat Fedora 15 Red Hat Fedora 14 ProFTPD Project ProFTPD 1.3.3 rc2 ProFTPD Project ProFTPD 1.3.3 ProFTPD Project ProFTPD 1.3.2 rc3 ProFTPD Project ProFTPD 1.3.2 rc2 ProFTPD Project ProFTPD 1.3.2 ProFTPD Project ProFTPD 1.3.1 ProFTPD Project ProFTPD 1.3 rc3 ProFTPD Project ProFTPD 1.3 a ProFTPD Project ProFTPD 1.3 .0rc2 ProFTPD Project ProFTPD 1.3 .0rc1 ProFTPD Project ProFTPD 1.3 ProFTPD Project ProFTPD 1.2.10 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 ProFTPD Project ProFTPD 1.2.9 rc3 ProFTPD Project ProFTPD 1.2.9 rc2 ProFTPD Project ProFTPD 1.2.9 rc1 ProFTPD Project ProFTPD 1.2.9 + Mandriva Linux Mandrake 10.0 + OpenPKG OpenPKG 2.0 + OpenPKG OpenPKG 1.3 + OpenPKG OpenPKG Current + Slackware Linux 9.1 + Slackware Linux 9.0 + Slackware Linux 8.1 + Slackware Linux -current ProFTPD Project ProFTPD 1.2.8 rc2 ProFTPD Project ProFTPD 1.2.8 rc1 ProFTPD Project ProFTPD 1.2.8 + Slackware Linux 9.0 + Slackware Linux 8.1 + Slackware Linux -current ProFTPD Project ProFTPD 1.2.7 rc3 ProFTPD Project ProFTPD 1.2.7 rc2 ProFTPD Project ProFTPD 1.2.7 rc1 ProFTPD Project ProFTPD 1.2.7 + Sun Cobalt Qube 3 ProFTPD Project ProFTPD 1.2.6 ProFTPD Project ProFTPD 1.2.5 rc1 ProFTPD Project ProFTPD 1.2.5 ProFTPD Project ProFTPD 1.2.4 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 ProFTPD Project ProFTPD 1.2.3 ProFTPD Project ProFTPD 1.2.2 rc3 ProFTPD Project ProFTPD 1.2.2 rc1 ProFTPD Project ProFTPD 1.2.2 ProFTPD Project ProFTPD 1.2.1 ProFTPD Project ProFTPD 1.2 pre9 ProFTPD Project ProFTPD 1.2 pre8 ProFTPD Project ProFTPD 1.2 pre7 ProFTPD Project ProFTPD 1.2 pre6 ProFTPD Project ProFTPD 1.2 pre5 ProFTPD Project ProFTPD 1.2 pre4 ProFTPD Project ProFTPD 1.2 pre3 ProFTPD Project ProFTPD 1.2 pre2 ProFTPD Project ProFTPD 1.2 pre11 ProFTPD Project ProFTPD 1.2 pre10 ProFTPD Project ProFTPD 1.2 pre1 ProFTPD Project ProFTPD 1.2 .0rc3 + Conectiva Linux 7.0 + Conectiva Linux 6.0 + Conectiva Linux 5.1 + Conectiva Linux 5.0 + Conectiva Linux graficas + Conectiva Linux ecommerce + Mandriva Linux Mandrake 8.1 ia64 + Mandriva Linux Mandrake 8.1 + Mandriva Linux Mandrake 8.0 ppc + Mandriva Linux Mandrake 8.0 + Mandriva Linux Mandrake 7.2 ProFTPD Project ProFTPD 1.2 .0rc2 ProFTPD Project ProFTPD 1.2 .0rc1 ProFTPD Project ProFTPD 1.2 + Cobalt Qube 3.0 + Cobalt Qube 2.0 + Cobalt RaQ 3.0 + Cobalt RaQ 2.0 + Cobalt RaQ 1.1 ProFTPD Project ProFTPD 1.3.3c ProFTPD Project ProFTPD 1.3.2c ProFTPD Project ProFTPD 1.3.2b ProFTPD Project ProFTPD 1.3.2a Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Vendor patch: proftpd ------ The vendor currently provides a patch or upgrade; we recommend that users of this software check the vendor's home page regularly to obtain the latest version: http://proftpd.org
    id: SSV:24282
    last seen: 2017-11-19
    modified: 2011-12-02
    published: 2011-12-02
    reporter: Root
    title: ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
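  • bulletinFamily: exploit
    description: CVE ID: CVE-2011-4130 ProFTPD is a free FTP server for Unix and Linux. ProFTPD has a code execution vulnerability in the way it manages the response pool; a remote authenticated attacker can exploit this vulnerability to execute arbitrary code on the remote host. ProFTPD < 1.3.3g / 1.3.4 Vendor patch: ProFTPD Project --------------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: http://www.proftpd.org/
    id: SSV:26016
    last seen: 2017-11-19
    modified: 2011-12-07
    published: 2011-12-07
    reporter: Root
    title: ProFTPD Response Pool Use-After-Free Code Execution Vulnerability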