CVE-2010-4221

Description

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.

How to fix CVE-2010-4221

To remediate CVE-2010-4221, upgrade the affected package to a fixed version below.

• Debian/proftpd-dfsg—upgrade to 1.3.3a-5 or later

Is CVE-2010-4221 being exploited?

Likely — EPSS is 92.1%, placing CVE-2010-4221 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

• from 0, < 1.3.3a-5

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-4221