CVE-2020-9273

Published: 20/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 802
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

Vulnerable Product

proftpd proftpd 1.3.7

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 30

fedoraproject fedora 31

opensuse leap 15.1

opensuse backports sle 15.0

siemens simatic_net_cp_1545-1_firmware -

siemens simatic_net_cp_1543-1_firmware

Vendor Advisories

Debian Bug report logs - #951800: CVE-2020-9273: buster affected. Package: proftpd-basic; Maintainer for proftpd-basic is ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-lists.debian.net>; Source for proftpd-basic is src:proftpd-dfsg. Reported by: Hilmar Preusse <hille42@web.de> Date: Fri ...
Antonio Morales discovered a use-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code. For the oldstable distribution (stretch), this problem has been fi ...

Mailing Lists

oss-sec mailing list archives: Possible memory leak on getspnam / getspnam_r From: Jean Diogo <j () ...

Github Repositories

This machine will cover a Samba share, manipulating a version of proftpd to gain initial access and escalate your privileges to root via an SUID binary. This is a writeup for the machine on TryHackMe.

Kenobi. Summary: This machine will cover a Samba share, manipulating a version of proftpd to gain initial access and escalate your privileges to root via an SUID binary. Initial questions about machine: What exactly is a Samba share? How has it been attacked in real life? What is proftpd? Samba Share: Samba is kinda like the interpreter between linux and unix based machines Samb

PoC exploits for software vulnerabilities

CVE Exploit PoC's: PoC exploits for multiple software vulnerabilities. Current exploits: CVE-2019-18634 (LPE): Stack-based buffer overflow in sudo tgetpass.c when pwfeedback module is enabled; CVE-2021-3156 (LPE): Heap-based buffer overflow in sudo sudoers.c when an argv ends with backslash character; CVE-2020-28018 (RCE): Exim Use-After-Free (UAF) in tls-openssl.c leading t

Analysis and exploitation of a use-after-free in ProFTPd

CVE-2020-9273: These are the files I created during analysis and exploitation of CVE-2020-9273 - a heap use-after-free in ProFTPd. Take a look at the exploit video here. Description about the files in this repo: poc-not-really-v4c - an article and poc I wrote last year (oct/2020), read to understand the exploitation path; exploit_democ - demo exploit released, with hardcoded ad