CVE-2020-9273
CVE-2020-9273
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdfhttps://github.com/proftpd/proftpd/blob/master/RELEASE_NOTEShttps://github.com/proftpd/proftpd/issues/903https://lists.debian.org/debian-lts-announce/2020/02/msg00022.htmlhttps://lists.debian.org/debian-lts-announce/2020/03/msg00002.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/https://security.gentoo.org/glsa/202003-35https://www.debian.org/security/2020/dsa-4635http://www.openwall.com/lists/oss-security/2021/08/25/1http://www.openwall.com/lists/oss-security/2021/09/06/2