| VID |
16062 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The ProFTPD, according to its banner, is vulnerable to a Buffer Overflow Vulnerability due to a flaw in transferring file in ASCII mode.
ProFTPD is an FTP (File Transfer Protocol) server for Unix platforms. The versions 1.2.7 through 1.2.9rc2 (and possibly versions prior to 1.2.7) of ProFTPD are vulnerable to a Buffer Overflow Vulnerability that can occur when transferring files from the FTP server in ASCII mode. The vulnerability occurs when the attacker that has the ability to upload a file to the server uploads a specially crafted file to the server, and then attempts to download the same file. When a file is being transferred in ASCII mode, file data is examined in 1024 byte chunks to check for newline (\n) characters. However, due to incorrect handling the translation of these newline characters in the ProFTPD, a buffer overflow can occur and execute arbitrary code to gain complete control of the system if ProFTPD parses a specially crafted file. Attackers may use this vulnerability to destroy, steal, or manipulate data on vulnerable FTP sites.
* Note: This check solely relied on the banner of the remote ProFTPD daemon to assess this vulnerability, so this might be a false positive.
* References:
http://xforce.iss.net/xforce/alerts/id/154
http://www.securityfocus.com/archive/1/338687
* Platforms Affected:
ProFTPD 1.2.7
ProFTPD 1.2.8
ProFTPD 1.2.8rc1
ProFTPD 1.2.8rc2
ProFTPD 1.2.9rc1
ProFTPD 1.2.9rc2 |
| Recommendation |
Upgrade to the patched version of ProFTPD using the source code that is supported by vendor. Refer to ProFTPD web site at http://proftpd.linux.co.uk/critbugs.html
As a workaround, successful exploitation requires the ability that uploads files to the FTP server. So disable the ability for users to perform FTP uploads, either with file permissions or using ProFTPD configuration parameters, to be impossible for attacker to upload files.
<Limit WRITE>
Denial All
</Limit> |
| Related URL |
CVE-2003-0831 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
12200 (ISS) |
|
