PT-2015-3383 · Proftpd+2 · Proftpd+2
Stephan Zeisberg · Published 2015-05-18 · Updated 2024-10-14
·
CVE-2019-18217
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
ProFTPD versions prior to 1.3.6b
ProFTPD version 1.3.7rc before 1.3.7rc2
Description
ProFTPD, an FTP server, incorrectly handles overly long commands in its main.c component. A remote, unauthenticated attacker can exploit this weakness to make the server enter an infinite loop, resulting in a denial of service.
Recommendations
For ProFTPD versions prior to 1.3.6b, update to version 1.3.6b or later.
For ProFTPD version 1.3.7rc before 1.3.7rc2, update to version 1.3.7rc2 or later.
Exploit
Fix
DoS
Infinite Loop
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Proftpd
Suse