| VID |
16040 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The ProFTPD is vulnerable to a buffer overflow attack via a series of MKD and CWD command.
When a remote attacker has login credentials or anonymous FTP access, and a directory writable by them exists, this vulnerability arises by creating a huge directory structure with directory names not being longer than 255 chars as the following:
MKD aaaaaaa....['a' * 254]....aaaaaaaa
CWD aaaaaaa....['a' * 254]....aaaaaaaa
As the result, a remote attacker can gain system access and execute arbitrary code on the remote server. Or it is possible to make the remote FTP server to crash.
* Platforms Affected:
ProFTPD 1.2 pre1
ProFTPD 1.2 pre2
ProFTPD 1.2 pre3
ProFTPD 1.2 pre4
ProFTPD 1.2 pre5
* References:
http://online.securityfocus.com/bid/612
http://www.iss.net/security_center/static/3399.php |
| Recommendation |
Upgrade to ProFTPD 1.2pre7 or later from the ProFTPD web site : http://www.proftpd.org/download.html
Now the latest version, ProFTPD 1.2.8rc1, has just been released on the Dec 28, 2002.
As the workaround, remove writable directories with credentials or anonymous FTP accesson on the FTP server. |
| Related URL |
CVE-1999-0911 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
