CVE-2020-9273

Published: 20/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 802
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

Affected Products

proftpd proftpd 1.3.7

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 30

fedoraproject fedora 31

opensuse leap 15.1

opensuse backports sle 15.0

siemens simatic net cp 1545-1 firmware

siemens simatic net cp 1543-1 firmware

Vendor Advisories

Debian Bug report logs - #951800 CVE-2020-9273: buster affected. Package: proftpd-basic; Maintainer for proftpd-basic is ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-lists.debian.net>; Source for proftpd-basic is src:proftpd-dfsg (PTS, buildd, popcon). Reported by: Hilmar Preusse <hille42@web.de>. Date: Fri ...
Antonio Morales discovered a use-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code. For the oldstable distribution (stretch), this problem has been fi ...

Mailing Lists

Hi Jean, On Tue, Aug 24, 2021 at 08:14:02PM -0300, Jean Diogo wrote: There's no reliable way for a program to ensure nothing sensitive is left in memory. However, the library can make a better effort to make it unlikely that password hashes would be left in memory. Like you suggested in another message (somehow detached from this thread), ends ...
Hi, The functions getspnam() and its reentrant sister getspnam_r() do not clean the content of allocated memory before returning to the user, resulting in the leak of /etc/shadow content. In some cases this might be an issue buffer is controlled by the user) rather than getspnam, both functions malloc the buffer on itself (apparently the heap p ...

Github Repositories

This machine will cover a Samba share, manipulating a version of proftpd to gain initial access and escalating your privileges to root via an SUID binary. This is a writeup for the machine on TryHackMe.

Kenobi Summary: This machine will cover a Samba share, manipulating a version of proftpd to gain initial access and escalating your privileges to root via an SUID binary. Initial questions about the machine: What exactly is a Samba share? How has it been attacked in real life? What is proftpd? Samba Share: Samba is kinda like the interpreter between Linux and Unix based machines. Samb

PoC exploits for software vulnerabilities

CVE Exploit PoCs: PoC exploits for multiple software vulnerabilities. Current exploits: CVE-2019-18634 (LPE): Stack-based buffer overflow in sudo tgetpass.c when the pwfeedback module is enabled. CVE-2021-3156 (LPE): Heap-based buffer overflow in sudo sudoers.c when an argv ends with a backslash character. CVE-2020-28018 (RCE): Exim Use-After-Free (UAF) in tls-openssl.c leading t

Analysis and exploitation of a use-after-free in ProFTPd

CVE-2020-9273: These are the files I created during analysis and exploitation of CVE-2020-9273, a heap use-after-free in ProFTPd. Take a look at the exploit video here. Description of the files in this repo: poc-not-really-v4.c - an article and PoC I wrote last year (Oct 2020), read it to understand the exploitation path; exploit_demo.c - demo exploit released, with hardcoded ad