Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4221 to
the following vulnerability:
Reference: MISC: http://www.zerodayinitiative.com/advisories/ZDI-10-229/
Reference: CONFIRM: http://bugs.proftpd.org/show_bug.cgi?id=3521
Reference: CONFIRM: http://www.proftpd.org/docs/NEWS-1.3.3c
Reference: URL: http://www.securityfocus.com/bid/44562
Reference: URL: http://secunia.com/advisories/42052
Multiple stack-based buffer overflows in the pr_netio_telnet_gets
function in netio.c in ProFTPD before 1.3.3c allow remote attackers to
execute arbitrary code via vectors involving a TELNET IAC escape
character to a (1) FTP or (2) FTPS server.
Note: the impact of this is somewhat lessened as proftpd runs as the 'nobody' user. According to upstream, this vulnerability has been present since 1.3.2rc3.
Created proftpd tracking bugs for this issue
Affects: fedora-all [bug 651608]
I believe this one can be closed now.
All current releases now have this fixed.
F-15 and Rawhide have 1.3.4rc2.
EL-4, EL-5, EL-6, F-13 and F-14 have 1.3.3e.