| VID |
16111 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
A version of the ProFTPD FTP server older than 1.3.0rc2 was detected running on the host. ProFTPD is a freely available FTP server for Unix-based operating systems. ProFTPD versions prior to 1.3.0rc2 contain two format string vulnerabilities: one in the handling of the shutdown message written by the 'ftpshut' utility, and one in the SQLShowInfo directive of mod_sql. Successful exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial of service, or potentially compromise the vulnerable system.
* Note: This check relies solely on the version string in the remote FTP server's banner, so it may be a false positive (for example, when the banner has been altered or a distribution has backported the fix without changing the version number).
* References: http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2 , http://secunia.com/advisories/16181/
* Platforms Affected: ProFTPD Project ProFTPD versions prior to 1.3.0rc2; Linux (any version); Unix (any version) |
| Recommendation |
Upgrade to ProFTPD 1.3.0rc2 or later, available from the ProFTPD web page at http://www.proftpd.org/ |
| Related URL |
CVE-2005-2390 (CVE) |
| Related URL |
14380,14381 (SecurityFocus) |
| Related URL |
21528,21530 (ISS) |
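The Detailed Description notes that this check is banner-based. The following script is an added example, not part of this advisory or of the ProFTPD project, of how such a banner check is typically implemented: it extracts the version from a "220 ProFTPD <version> Server ..." greeting, orders release candidates correctly (1.3.0rc1 < 1.3.0rc2 < 1.3.0 < 1.3.0a) and returns "unknown" rather than a finding when no version is present. The sample banners are constructed for the example; the exact banner wording of real hosts, and the ServerIdent behaviour it models, are assumptions.

```python
import re
from typing import Optional, Tuple

# First ProFTPD release containing the fix, per the advisory above.
FIXED_VERSION = "1.3.0rc2"

# Matches the version that follows "ProFTPD" in the greeting.  The banner
# layout is assumed from typical "220 ProFTPD <version> Server (...)" lines.
BANNER_RE = re.compile(r"ProFTPD\s+(\d+(?:\.\d+)+(?:rc\d+|[a-z])?)", re.IGNORECASE)


def parse_version(version: str) -> Tuple[int, ...]:
    """Convert a ProFTPD version string into a comparable tuple.

    Ordering: 1.2.10 < 1.3.0rc1 < 1.3.0rc2 < 1.3.0 < 1.3.0a < 1.3.1
    A release candidate sorts before the final release; a letter patch
    (1.3.0a) sorts after it.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:rc(\d+)|([a-z]))?", version.lower())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))          # pad "1.3" to "1.3.0"
    if m.group(2):                           # rcN: before the final release
        tail = (0, int(m.group(2)))
    elif m.group(3):                         # letter patch: after the final release
        tail = (2, ord(m.group(3)) - ord("a") + 1)
    else:                                    # plain final release
        tail = (1, 0)
    return nums + tail


def check_banner(banner: str) -> Tuple[str, Optional[str]]:
    """Classify one FTP greeting line.

    Returns (verdict, version) where verdict is 'vulnerable', 'patched' or
    'unknown'.  'unknown' means the banner carries no ProFTPD version, so a
    banner-only check has no basis for a finding (not a reason to report one).
    """
    m = BANNER_RE.search(banner)
    if not m:
        return ("unknown", None)
    version = m.group(1).lower()
    if parse_version(version) < parse_version(FIXED_VERSION):
        return ("vulnerable", version)
    return ("patched", version)


# Constructed sample greetings (not captured from real hosts).
SAMPLE_BANNERS = [
    "220 ProFTPD 1.2.10 Server (ProFTPD Default Installation) [10.0.0.5]",
    "220 ProFTPD 1.3.0rc1 Server (Debian) [::ffff:10.0.0.6]",
    "220 ProFTPD 1.3.0rc2 Server (ProFTPD) [10.0.0.7]",
    "220 ProFTPD 1.3.0a Server [10.0.0.8]",
    "220 FTP Server ready.",   # version hidden (e.g. ServerIdent off): no finding
]


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        verdict, version = check_banner(banner)
        print(f"{verdict:>10}  {version or '-':<9}  {banner}")
```

A "vulnerable" verdict from this logic only means the banner claims a version before 1.3.0rc2; because the banner string is under the administrator's control and distributions backport fixes without bumping the version, confirm the finding from the installed package version before treating it as a real exposure.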