Vulnerability CVE-2020-9273: Information

Description

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: Feb. 20, 2020
Modified: Nov. 7, 2023
Error type identifier: CWE-416

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
proftpdsisyphus1.3.6-alt0.4.ga73dbfe3b1.3.8-alt0.2.ga3489a6c8ALT-PU-2020-2975-1259417Fixed
proftpdsisyphus_e2k1.3.8-alt0.1.ga3489a6c81.3.8-alt0.2.ga3489a6c8ALT-PU-2023-5741-1-Fixed
proftpdsisyphus_mipsel1.3.8-alt0.1.ga3489a6c81.3.8-alt0.2.ga3489a6c8ALT-PU-2023-5731-1-Fixed
proftpdsisyphus_riscv641.3.8-alt0.1.ga3489a6c81.3.8-alt0.2.ga3489a6c8ALT-PU-2023-5733-1-Fixed
proftpdp101.3.6-alt0.4.ga73dbfe3b1.3.6-alt0.4.ga73dbfe3bALT-PU-2020-2975-1259417Fixed
proftpdp91.3.6-alt0.4.ga73dbfe3b1.3.6-alt0.4.ga73dbfe3bALT-PU-2020-2992-1259400Fixed
proftpdc10f11.3.6-alt0.4.ga73dbfe3b1.3.6-alt0.4.ga73dbfe3bALT-PU-2020-2975-1259417Fixed
proftpdc9f21.3.8-alt0.2.ga3489a6c81.3.8-alt0.2.ga3489a6c8ALT-PU-2023-5874-2329854Fixed

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:proftpd:proftpd:1.3.7:*:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

      cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

      cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*

      Configuration 6

      cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*