Summary
The host is running ProFTPD and is prone to multiple vulnerabilities.
Impact
Successful exploitation may allow execution of arbitrary code or cause a denial-of-service.
Impact Level: Application
Solution
Upgrade to ProFTPD version 1.3.3c or later.
For updates, refer to http://www.proftpd.org/
Insight
- An input validation error within the 'mod_site_misc' module can be exploited to create and delete directories, create symlinks, and change the time of files located outside a writable directory.
- A logic error within the 'pr_netio_telnet_gets()' function in 'src/netio.c' when processing user input containing the Telnet IAC escape sequence can be exploited to cause a stack-based buffer overflow by sending specially crafted input to the FTP or FTPS service.
Affected
ProFTPD versions prior to 1.3.3c
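A banner-based check for the affected range above, as an added example (not part of the original advisory or of ProFTPD). It assumes ProFTPD's usual release naming, where rcN builds precede a release and letter suffixes mark maintenance releases after it; the function names and sample banners are constructed for illustration.

```python
import re

FIXED = "1.3.3c"  # first fixed release named in the advisory

_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:rc(\d+)|([a-z]))?$")
_BANNER = re.compile(r"ProFTPD\s+(\d+\.\d+\.\d+(?:rc\d+|[a-z])?)\b")


def version_key(version):
    """Sortable key: 1.3.3rc1 < 1.3.3 < 1.3.3a < 1.3.3c < 1.3.4rc1."""
    m = _VER.match(version)
    if not m:
        raise ValueError("unrecognised ProFTPD version: %r" % version)
    major, minor, patch, rc, letter = m.groups()
    if rc is not None:
        stage = (0, int(rc))                      # release candidate
    elif letter is not None:
        stage = (2, ord(letter) - ord("a") + 1)   # maintenance release
    else:
        stage = (1, 0)                            # plain release
    return (int(major), int(minor), int(patch)) + stage


def is_affected(banner):
    """True/False from the version in an FTP 220 banner, None if no version.

    None is not a clean result: the banner can be changed or hidden
    (ServerIdent), and distribution packages may backport fixes without
    changing the version string, so confirm against the package database.
    """
    m = _BANNER.search(banner)
    if not m:
        return None
    return version_key(m.group(1)) < version_key(FIXED)


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "220 ProFTPD 1.3.3a Server (Debian) [::ffff:192.0.2.10]",
        "220 ProFTPD 1.3.3rc4 Server (ProFTPD Default Installation)",
        "220 ProFTPD 1.3.3c Server ready.",
        "220 FTP Server ready.",
    ]
    for b in samples:
        print(is_affected(b), b)
```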
References
Severity
Classification
CVE: CVE-2010-3867, CVE-2010-4221
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C