Main Vulnerability Database SB2010110201

SB2010110201 - Slackware Linux update for proftpd

Published: November 2, 2010 Updated: June 28, 2025

Security Bulletin ID SB2010110201

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: CVE-2010-3867)

The vulnerability allows a remote user to execute arbitrary code.

Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.

Remediation

Install update from vendor's website.

References

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.498209