CVE-2010-4221

Name of the Vulnerable Software and Affected Versions ProFTPD versions prior to 1.3.3c

Description The issue involves multiple stack-based buffer overflows in the pr netio telnet gets function, allowing remote attackers to execute arbitrary code. This can be achieved by sending vectors involving a TELNET IAC escape character to either an FTP or FTPS server.

Recommendations For versions prior to 1.3.3c, update to version 1.3.3c or later to resolve the issue. As a temporary workaround, consider restricting access to the pr netio telnet gets function until a patch is applied. Avoid using the TELNET IAC escape character in communications with the FTP or FTPS server until the issue is resolved.