CVE-2011-4130

EUVD-2011-4078
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
proftpdproftpd
𝑥
≤ 1.3.3
proftpdproftpd
1.2.0
proftpdproftpd
1.2.0:pre10
proftpdproftpd
1.2.0:pre9
proftpdproftpd
1.2.0:rc1
proftpdproftpd
1.2.0:rc2
proftpdproftpd
1.2.0:rc3
proftpdproftpd
1.2.1
proftpdproftpd
1.2.2
proftpdproftpd
1.2.2:rc1
proftpdproftpd
1.2.2:rc2
proftpdproftpd
1.2.2:rc3
proftpdproftpd
1.2.3
proftpdproftpd
1.2.4
proftpdproftpd
1.2.5
proftpdproftpd
1.2.5:rc1
proftpdproftpd
1.2.5:rc2
proftpdproftpd
1.2.5:rc3
proftpdproftpd
1.2.6
proftpdproftpd
1.2.6:rc1
proftpdproftpd
1.2.6:rc2
proftpdproftpd
1.2.7
proftpdproftpd
1.2.7:rc1
proftpdproftpd
1.2.7:rc2
proftpdproftpd
1.2.7:rc3
proftpdproftpd
1.2.8
proftpdproftpd
1.2.8:rc1
proftpdproftpd
1.2.8:rc2
proftpdproftpd
1.2.9
proftpdproftpd
1.2.9:rc1
proftpdproftpd
1.2.9:rc2
proftpdproftpd
1.2.9:rc3
proftpdproftpd
1.2.10
proftpdproftpd
1.2.10:rc1
proftpdproftpd
1.2.10:rc2
proftpdproftpd
1.2.10:rc3
proftpdproftpd
1.3.0
proftpdproftpd
1.3.0:a
proftpdproftpd
1.3.0:rc1
proftpdproftpd
1.3.0:rc2
proftpdproftpd
1.3.0:rc3
proftpdproftpd
1.3.0:rc4
proftpdproftpd
1.3.0:rc5
proftpdproftpd
1.3.1
proftpdproftpd
1.3.1:rc1
proftpdproftpd
1.3.1:rc2
proftpdproftpd
1.3.1:rc3
proftpdproftpd
1.3.2
proftpdproftpd
1.3.2:rc1
proftpdproftpd
1.3.2:rc2
proftpdproftpd
1.3.2:rc3
proftpdproftpd
1.3.2:rc4
proftpdproftpd
1.3.3
proftpdproftpd
1.3.3:a
proftpdproftpd
1.3.3:b
proftpdproftpd
1.3.3:c
proftpdproftpd
1.3.3:d
proftpdproftpd
1.3.3:e
proftpdproftpd
1.3.3:rc1
proftpdproftpd
1.3.3:rc2
proftpdproftpd
1.3.3:rc3
proftpdproftpd
1.3.3:rc4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
proftpd-dfsg
bookworm
1.3.8+dfsg-4+deb12u3
fixed
bullseye
1.3.7a+dfsg-12+deb11u2
fixed
lenny
not-affected
sid
1.3.8.b+dfsg-3
fixed
trixie
1.3.8.b+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
proftpd-dfsg
hardy
not-affected
lucid
ignored
maverick
ignored
natty
ignored
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://bugs.proftpd.org/show_bug.cgi?id=3711
http://www.proftpd.org/docs/NEWS-1.3.3g
http://www.securityfocus.com/bid/50631
http://www.zerodayinitiative.com/advisories/ZDI-11-328/
http://bugs.proftpd.org/show_bug.cgi?id=3711
http://www.proftpd.org/docs/NEWS-1.3.3g
http://www.securityfocus.com/bid/50631
http://www.zerodayinitiative.com/advisories/ZDI-11-328/