Vulnerability Name:

CVE-2011-4130 (CCN-71226)

Assigned:2011-11-09
Published:2011-11-09
Updated:2011-12-08
Summary:Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Bugzilla Bug 3711
Response pool use-after-free memory corruption error

Source: CONFIRM
Type: Exploit, Patch
http://bugs.proftpd.org/show_bug.cgi?id=3711

Source: MITRE
Type: CNA
CVE-2011-4130

Source: CCN
Type: Parallels Web Site
Release Notes for Updates Issued for Parallels Plesk Panel 10.x for Linux Systems

Source: CCN
Type: SA46811
ProFTPD Response Pool Use-After-Free Vulnerability

Source: CCN
Type: SA47068
Parallels Plesk Panel ProFTPD and ISC BIND Vulnerabilities

Source: DEBIAN
Type: DSA-2346
proftpd-dfsg -- several vulnerabilities

Source: CCN
Type: OSVDB ID: 77004
ProFTPD Use-After-Free Response Pool Allocation List Parsing Remote Memory Corruption

Source: CCN
Type: ProFTPD Web site
ProFTPD - Highly configurable GPL-licensed FTP server software

Source: CONFIRM
Type: UNKNOWN
http://www.proftpd.org/docs/NEWS-1.3.3g

Source: BID
Type: UNKNOWN
50631

Source: CCN
Type: BID-50631
ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-11-328/

Source: XF
Type: UNKNOWN
proftpd-pool-code-execution(71226)

Source: CCN
Type: ZDI-11-328
ProFTPD Response Pool Use-After-Free Remote Code Execution Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:proftpd:proftpd:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:pre10:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:pre9:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.2:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.5:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.5:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.6:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.7:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.7:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.7:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.8:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.8:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.9:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.9:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.9:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.10:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.10:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.10:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:a:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:rc5:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.1:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.1:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc4:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:a:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:b:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:c:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:d:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:e:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:*:f:*:*:*:*:*:* (Version <= 1.3.3)
  • OR cpe:/a:proftpd:proftpd:1.3.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.3:rc4:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:proftpd:proftpd:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.2:rc4:*:*:*:*:*:*
  • OR cpe:/a:parallels:parallels_plesk_panel:10.1.1:mu_#10:*:*:*:*:*:*
  • OR cpe:/a:parallels:parallels_plesk_panel:10.2.0:build20110407.20:*:*:*:*:*:*
  • OR cpe:/a:parallels:parallels_plesk_panel:10.3.1:build1013110726.09:*:*:*:*:*:*
  • OR cpe:/a:parallels:parallels_plesk_panel:10.4.4:build20111103.18:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20114130
    V
    		CVE-2011-4130
    2022-06-30
    oval:org.opensuse.security:def:113175
    P
    		proftpd-1.3.5b-2.5 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106597
    P
    		proftpd-1.3.5b-2.5 on GA media (Moderate)
    2021-10-01
    oval:org.mitre.oval:def:15217
    P
    		DSA-2346-2 proftpd-dfsg -- several
    2014-06-23
    oval:org.mitre.oval:def:15394
    P
    		DSA-2346-1 proftpd-dfsg -- several
    2014-06-23
    oval:com.ubuntu.precise:def:20114130000
    V
    		CVE-2011-4130 on Ubuntu 12.04 LTS (precise) - medium.
    2011-12-06
    BACK
    proftpd proftpd 1.2.0
    proftpd proftpd 1.2.0 pre10
    proftpd proftpd 1.2.0 pre9
    proftpd proftpd 1.2.0 rc1
    proftpd proftpd 1.2.0 rc2
    proftpd proftpd 1.2.0 rc3
    proftpd proftpd 1.2.1
    proftpd proftpd 1.2.2
    proftpd proftpd 1.2.2 rc1
    proftpd proftpd 1.2.2 rc2
    proftpd proftpd 1.2.2 rc3
    proftpd proftpd 1.2.3
    proftpd proftpd 1.2.4
    proftpd proftpd 1.2.5
    proftpd proftpd 1.2.5 rc1
    proftpd proftpd 1.2.5 rc2
    proftpd proftpd 1.2.5 rc3
    proftpd proftpd 1.2.6
    proftpd proftpd 1.2.6 rc1
    proftpd proftpd 1.2.6 rc2
    proftpd proftpd 1.2.7
    proftpd proftpd 1.2.7 rc1
    proftpd proftpd 1.2.7 rc2
    proftpd proftpd 1.2.7 rc3
    proftpd proftpd 1.2.8
    proftpd proftpd 1.2.8 rc1
    proftpd proftpd 1.2.8 rc2
    proftpd proftpd 1.2.9
    proftpd proftpd 1.2.9 rc1
    proftpd proftpd 1.2.9 rc2
    proftpd proftpd 1.2.9 rc3
    proftpd proftpd 1.2.10
    proftpd proftpd 1.2.10 rc1
    proftpd proftpd 1.2.10 rc2
    proftpd proftpd 1.2.10 rc3
    proftpd proftpd 1.3.0
    proftpd proftpd 1.3.0 a
    proftpd proftpd 1.3.0 rc1
    proftpd proftpd 1.3.0 rc2
    proftpd proftpd 1.3.0 rc3
    proftpd proftpd 1.3.0 rc4
    proftpd proftpd 1.3.0 rc5
    proftpd proftpd 1.3.1
    proftpd proftpd 1.3.1 rc1
    proftpd proftpd 1.3.1 rc2
    proftpd proftpd 1.3.1 rc3
    proftpd proftpd 1.3.2
    proftpd proftpd 1.3.2 rc1
    proftpd proftpd 1.3.2 rc2
    proftpd proftpd 1.3.2 rc3
    proftpd proftpd 1.3.2 rc4
    proftpd proftpd 1.3.3
    proftpd proftpd 1.3.3 a
    proftpd proftpd 1.3.3 b
    proftpd proftpd 1.3.3 c
    proftpd proftpd 1.3.3 d
    proftpd proftpd 1.3.3 e
    proftpd proftpd * f
    proftpd proftpd 1.3.3 rc1
    proftpd proftpd 1.3.3 rc2
    proftpd proftpd 1.3.3 rc3
    proftpd proftpd 1.3.3 rc4
    proftpd proftpd 1.3.1
    proftpd proftpd 1.3.2 rc2
    proftpd proftpd 1.3.2 rc1
    proftpd proftpd 1.3.2 rc3
    proftpd proftpd 1.3.2 rc4
    parallels parallels plesk panel 10.1.1 mu_#10
    parallels parallels plesk panel 10.2.0 build20110407.20
    parallels parallels plesk panel 10.3.1 build1013110726.09
    parallels parallels plesk panel 10.4.4 build20111103.18