fkie_nvd - fkie_cve-2011-4130

FKIE_CVE-2011-4130

Vulnerability from fkie_nvd - Published: 2011-12-06 11:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.

References

URL	Tags
secalert@redhat.com	http://bugs.proftpd.org/show_bug.cgi?id=3711	Exploit, Patch
secalert@redhat.com	http://www.proftpd.org/docs/NEWS-1.3.3g
secalert@redhat.com	http://www.securityfocus.com/bid/50631
secalert@redhat.com	http://www.zerodayinitiative.com/advisories/ZDI-11-328/
af854a3a-2127-422b-91ae-364da2661108	http://bugs.proftpd.org/show_bug.cgi?id=3711	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.proftpd.org/docs/NEWS-1.3.3g
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/50631
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-11-328/

Impacted products

Vendor	Product	Version
proftpd	proftpd	*
proftpd	proftpd	1.2.0
proftpd	proftpd	1.2.0
proftpd	proftpd	1.2.0
proftpd	proftpd	1.2.0
proftpd	proftpd	1.2.0
proftpd	proftpd	1.2.0
proftpd	proftpd	1.2.1
proftpd	proftpd	1.2.2
proftpd	proftpd	1.2.2
proftpd	proftpd	1.2.2
proftpd	proftpd	1.2.2
proftpd	proftpd	1.2.3
proftpd	proftpd	1.2.4
proftpd	proftpd	1.2.5
proftpd	proftpd	1.2.5
proftpd	proftpd	1.2.5
proftpd	proftpd	1.2.5
proftpd	proftpd	1.2.6
proftpd	proftpd	1.2.6
proftpd	proftpd	1.2.6
proftpd	proftpd	1.2.7
proftpd	proftpd	1.2.7
proftpd	proftpd	1.2.7
proftpd	proftpd	1.2.7
proftpd	proftpd	1.2.8
proftpd	proftpd	1.2.8
proftpd	proftpd	1.2.8
proftpd	proftpd	1.2.9
proftpd	proftpd	1.2.9
proftpd	proftpd	1.2.9
proftpd	proftpd	1.2.9
proftpd	proftpd	1.2.10
proftpd	proftpd	1.2.10
proftpd	proftpd	1.2.10
proftpd	proftpd	1.2.10
proftpd	proftpd	1.3.0
proftpd	proftpd	1.3.0
proftpd	proftpd	1.3.0
proftpd	proftpd	1.3.0
proftpd	proftpd	1.3.0
proftpd	proftpd	1.3.0
proftpd	proftpd	1.3.0
proftpd	proftpd	1.3.1
proftpd	proftpd	1.3.1
proftpd	proftpd	1.3.1
proftpd	proftpd	1.3.1
proftpd	proftpd	1.3.2
proftpd	proftpd	1.3.2
proftpd	proftpd	1.3.2
proftpd	proftpd	1.3.2
proftpd	proftpd	1.3.2
proftpd	proftpd	1.3.3
proftpd	proftpd	1.3.3
proftpd	proftpd	1.3.3
proftpd	proftpd	1.3.3
proftpd	proftpd	1.3.3
proftpd	proftpd	1.3.3
proftpd	proftpd	1.3.3
proftpd	proftpd	1.3.3
proftpd	proftpd	1.3.3
proftpd	proftpd	1.3.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:*:f:*:*:*:*:*:*",
              "matchCriteriaId": "1F1EC1B4-5375-415A-BF32-CF41DC65D650",
              "versionEndIncluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B472294D-A2FE-4654-A074-8AA07E372FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.0:pre10:*:*:*:*:*:*",
              "matchCriteriaId": "8F6FAFE7-CA48-4CB3-9D2C-93885CBD0E31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.0:pre9:*:*:*:*:*:*",
              "matchCriteriaId": "66B905D9-D4B2-4133-9918-EB54C48319C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BC4021B3-9847-43A1-96A1-0853607B5A1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1C874862-2902-4927-8BE4-D90CCBBDE1CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "12BBE1F6-0095-4D59-AB85-AD156B4E6330",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FAB5B28-F80C-4B1E-84A3-897C1C31E10F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB42F122-F661-4039-8E55-394BF1DDBAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D8258B2B-CE41-4631-9BE2-851BF1EEFBB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "98BAB5CF-A079-44B7-8F16-5B9042C7AD85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.2:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "793E0643-019A-4B59-899C-05D62217CA32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07A224A-CB33-4E60-B61D-C39921357752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E592E6-7CCC-49D0-84A6-D2FF39B87B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5306B2-CA16-40F2-B2D7-CAC8F6B300FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "68017302-B9B2-4CE2-8337-DDC955328B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5759F3EA-795E-44AC-876F-64EACBAE1F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "943E8AF1-1EE9-4373-84CB-17092692EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE8A2A3-E0C9-4287-B2A3-9AF7AC6BA4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C5B04A95-766E-4191-8B5C-DDABF947992A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "92565089-853E-400B-89D4-FE95C701CF66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "092FB5B4-C960-4354-AB39-CF1282F8F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AB0767FF-3FEA-4F1C-B307-B55797257092",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F7C739C5-5647-4F77-82F6-59A868E29A49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.7:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "933CE353-B6F5-45C0-B011-32F0864AB95E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "991E4BED-A675-4D44-9A72-EE7F49005B20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8B64256-9994-4D7B-928C-3DAEC0B2CE63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.8:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EC180DEA-985D-4802-BCA3-99025C695A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EC036C6-445D-4A6E-8B22-799CE611C05C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "44670EA1-33E7-486B-80C0-743C09632F65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.9:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "777FBAE6-3BA4-436A-85FC-B59DCFB89160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.9:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9974BFCD-08A3-4971-B075-3F0D02127C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "67473C1E-95B5-43A2-A0DB-F65FD239DB38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "17FA3F4E-49CB-4C61-BED8-466F4DB61ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1239A9F8-3EE5-4CF1-8F02-D2F5F26F708E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.2.10:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5DE6D2B3-BD20-4361-AFDA-9B8368944588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA3DED96-536B-4974-9F90-BBEA80408845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.0:a:*:*:*:*:*:*",
              "matchCriteriaId": "EA19FBBE-EEC7-4575-9D5F-7A8458A357AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3744E1A8-516E-4E47-851E-BC3877DEE2F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0C34711E-E228-47E7-B2CB-CB10AD121953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E3A1304E-22C2-43F1-90DF-874466CF3A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "75841353-74FD-4DDB-B73F-16BB01A48D73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "B1362BD4-8CB4-4C53-BE42-88ADC3E505A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0629F25F-B9C6-4FC7-B67E-E6B38E59E60B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "24F20C0A-354D-496B-B287-50CB5C4F3291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C39649BE-9048-44BA-8D47-6D37DCDEFA5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "8697292B-16DF-4300-8F90-8E72D4968E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "185E727C-E4DB-4713-866D-957D20838D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8B43EDB7-7B67-43E0-AAE9-F8120C6E607C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F615B39A-5E30-454B-B851-14C5735578E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.2:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B9C16C32-7834-4363-A0BE-A776A6DB307A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.2:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "5884F593-C977-4AFC-9428-6A915D962C97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6402CD88-0255-4574-8772-8723883FBFAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.3:a:*:*:*:*:*:*",
              "matchCriteriaId": "6FDFFB0F-0F4D-4388-B5D4-4E217234AADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.3:b:*:*:*:*:*:*",
              "matchCriteriaId": "A1D5B657-62CB-4C31-9798-C529C22EA7D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.3:c:*:*:*:*:*:*",
              "matchCriteriaId": "15837EC9-F392-4ACD-A292-7ECD413D54BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.3:d:*:*:*:*:*:*",
              "matchCriteriaId": "01A0BABE-A45D-445F-937A-D29198222A9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.3:e:*:*:*:*:*:*",
              "matchCriteriaId": "A0AAA84E-CB68-469F-954C-8BE616D319DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "29FBDF30-0E17-46DA-8548-DEE5E3CD9EAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D78D0553-7C43-4032-A573-16CC45A24386",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FAEEEE3C-7EAA-419F-9BF7-333B63DCDA3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.3:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "F68C4EEA-FA42-4B99-8EA6-3DB57527947B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la API de Respuesta en ProFTPD antes de v1.3.3g permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores que implican un error que se produce despu\u00e9s de una transferencia de datos FTP."
    }
  ],
  "id": "CVE-2011-4130",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-06T11:55:06.503",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://bugs.proftpd.org/show_bug.cgi?id=3711"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.proftpd.org/docs/NEWS-1.3.3g"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/50631"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-328/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://bugs.proftpd.org/show_bug.cgi?id=3711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.proftpd.org/docs/NEWS-1.3.3g"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/50631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-328/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-4130 (GCVE-0-2011-4130)

Vulnerability from cvelistv5 – Published: 2011-12-06 11:00 – Updated: 2024-08-07 00:01

Summary

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2011-4130

CVE-2011-4130 (GCVE-0-2011-4130)

Tags

Sightings

Nomenclature