CVE-2011-4130

Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
proftpdproftpd
𝑥
≤ 1.3.3
proftpdproftpd
1.2.0
proftpdproftpd
1.2.0:pre10
proftpdproftpd
1.2.0:pre9
proftpdproftpd
1.2.0:rc1
proftpdproftpd
1.2.0:rc2
proftpdproftpd
1.2.0:rc3
proftpdproftpd
1.2.1
proftpdproftpd
1.2.2
proftpdproftpd
1.2.2:rc1
proftpdproftpd
1.2.2:rc2
proftpdproftpd
1.2.2:rc3
proftpdproftpd
1.2.3
proftpdproftpd
1.2.4
proftpdproftpd
1.2.5
proftpdproftpd
1.2.5:rc1
proftpdproftpd
1.2.5:rc2
proftpdproftpd
1.2.5:rc3
proftpdproftpd
1.2.6
proftpdproftpd
1.2.6:rc1
proftpdproftpd
1.2.6:rc2
proftpdproftpd
1.2.7
proftpdproftpd
1.2.7:rc1
proftpdproftpd
1.2.7:rc2
proftpdproftpd
1.2.7:rc3
proftpdproftpd
1.2.8
proftpdproftpd
1.2.8:rc1
proftpdproftpd
1.2.8:rc2
proftpdproftpd
1.2.9
proftpdproftpd
1.2.9:rc1
proftpdproftpd
1.2.9:rc2
proftpdproftpd
1.2.9:rc3
proftpdproftpd
1.2.10
proftpdproftpd
1.2.10:rc1
proftpdproftpd
1.2.10:rc2
proftpdproftpd
1.2.10:rc3
proftpdproftpd
1.3.0
proftpdproftpd
1.3.0:a
proftpdproftpd
1.3.0:rc1
proftpdproftpd
1.3.0:rc2
proftpdproftpd
1.3.0:rc3
proftpdproftpd
1.3.0:rc4
proftpdproftpd
1.3.0:rc5
proftpdproftpd
1.3.1
proftpdproftpd
1.3.1:rc1
proftpdproftpd
1.3.1:rc2
proftpdproftpd
1.3.1:rc3
proftpdproftpd
1.3.2
proftpdproftpd
1.3.2:rc1
proftpdproftpd
1.3.2:rc2
proftpdproftpd
1.3.2:rc3
proftpdproftpd
1.3.2:rc4
proftpdproftpd
1.3.3
proftpdproftpd
1.3.3:a
proftpdproftpd
1.3.3:b
proftpdproftpd
1.3.3:c
proftpdproftpd
1.3.3:d
proftpdproftpd
1.3.3:e
proftpdproftpd
1.3.3:rc1
proftpdproftpd
1.3.3:rc2
proftpdproftpd
1.3.3:rc3
proftpdproftpd
1.3.3:rc4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
proftpd-dfsg
bullseye
1.3.7a+dfsg-12+deb11u2
fixed
lenny
not-affected
bookworm
1.3.8+dfsg-4+deb12u3
fixed
trixie
1.3.8.b+dfsg-2
fixed
sid
1.3.8.b+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
proftpd-dfsg
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
ignored
maverick
ignored
lucid
ignored
hardy
not-affected
Common Weakness Enumeration
References
http://bugs.proftpd.org/show_bug.cgi?id=3711
http://www.proftpd.org/docs/NEWS-1.3.3g
http://www.securityfocus.com/bid/50631
http://www.zerodayinitiative.com/advisories/ZDI-11-328/
http://bugs.proftpd.org/show_bug.cgi?id=3711
http://www.proftpd.org/docs/NEWS-1.3.3g
http://www.securityfocus.com/bid/50631
http://www.zerodayinitiative.com/advisories/ZDI-11-328/