Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4221 to the following vulnerability:

Name: CVE-2010-4221
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221
Assigned: 20101109
Reference: MISC: http://www.zerodayinitiative.com/advisories/ZDI-10-229/
Reference: CONFIRM: http://bugs.proftpd.org/show_bug.cgi?id=3521
Reference: CONFIRM: http://www.proftpd.org/docs/NEWS-1.3.3c
Reference: BID:44562
Reference: URL: http://www.securityfocus.com/bid/44562
Reference: SECUNIA:42052
Reference: URL: http://secunia.com/advisories/42052

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.

Note: the impact of this is somewhat lessened as proftpd runs as the 'nobody' user.

According to upstream, this vulnerability has been present since 1.3.2rc3.

Created proftpd tracking bugs for this issue

Affects: fedora-all [bug 651608]
I believe this one can be closed now.
All current releases now have this fixed. F-15 and Rawhide have 1.3.4rc2. EL-4, EL-5, EL-6, F-13 and F-14 have 1.3.3e.
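
A check for the affected range stated in this report (present since 1.3.2rc3, fixed in 1.3.3c), added here as an example and not code from ProFTPD or from this bug. It assumes the input is the bare upstream version string and that release candidates sort before the plain release and lettered maintenance releases after it; the function names are hypothetical, and a distribution package carrying a backported fix under an older version number would be misreported.

```python
import re

# ProFTPD upstream versions look like 1.3.2rc3, 1.3.3, 1.3.3c, 1.3.4rc2.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:rc(\d+)|([a-z]))?$")


def parse_version(text):
    """Return a tuple that sorts in ProFTPD release order.

    Assumed ordering: 1.3.3rc1 < 1.3.3 < 1.3.3a < 1.3.3c.
    """
    m = _VERSION_RE.match(text.strip().lower())
    if m is None:
        raise ValueError(f"unrecognised ProFTPD version: {text!r}")
    major, minor, patch, rc, letter = m.groups()
    if rc is not None:
        stage = (0, int(rc))                       # release candidate
    elif letter is None:
        stage = (1, 0)                             # plain release
    else:
        stage = (2, ord(letter) - ord("a") + 1)    # maintenance release
    return (int(major), int(minor), int(patch)) + stage


# Bounds taken from the CVE-2010-4221 text in this report.
FIRST_AFFECTED = parse_version("1.3.2rc3")
FIRST_FIXED = parse_version("1.3.3c")


def is_affected(version):
    """True if the upstream version falls in [1.3.2rc3, 1.3.3c)."""
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED


if __name__ == "__main__":
    # Constructed inventory; 1.3.3e and 1.3.4rc2 are the versions named above.
    for v in ["1.3.2rc2", "1.3.2rc3", "1.3.3", "1.3.3b", "1.3.3c", "1.3.3e", "1.3.4rc2"]:
        print(f"{v:10} {'AFFECTED' if is_affected(v) else 'not affected'}")
```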