This Metasploit module exploits a stack-based buffer overflow in versions 1.2 through 1.3.0 of ProFTPD server. The vulnerability is within the "sreplace" function within the "src/support.c" file. The off-by-one heap overflow bug in the ProFTPD sreplace function has been discovered about 2 (two) years ago by Evgeny Legerov.
41d4996163aa5db3c1f65003fa4feea5044edfa1112cac105c463346d43f029bDebian Security Advisory 1222-2 - Due to technical problems yesterday's proftpd update lacked a build for the amd64 architecture, which is now available. Several remote vulnerabilities have been discovered in the proftpd FTP daemon, which may lead to the execution of arbitrary code or denial of service.
b6cf6ad61f34245ebd9b4e72ef0bee6c823bdb1f06c59ff4c77354091c5374c9Mandriva Linux Security Advisory - Multiple vulnerabilities exist in ProFTPd versions 1.3.0a and below.
e2171be169bfd780fec771b7e39e63a762c38535f944aa32aed8c1273821ce01Debian Security Advisory 1222-1 - Several remote vulnerabilities have been discovered in the proftpd FTP daemon, which may lead to the execution of arbitrary code or denial of service.
c12800e6db0918beeb56fcbd6c44c2e32fc8823002ebfbc8af9853095cfdc2b7A remotely exploitable stack overflow vulnerability has been found in ProFTPD server. The vulnerability allows a remote authenticated attacker to gain root privileges. Versions below 1.3.0a are affected. Exploit included.
44821edac050385c866aa37abb8d208e6502ac703ffe9cb2ac41fc9b5ad38c8bDebian Security Advisory 1218-1 - It was discovered that the proftpd FTP daemon performs insufficient validation of FTP command buffer size limits, which may lead to denial of service.
53c1c3fb027239e67fe8aaec759509b59c141ef9cbdf3bf3ae383afdc4b145c1Mandriva Linux Security Advisory MDKSA-2006-217 - As disclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix, a Denial of Service (DoS) vulnerability exists in the FTP server ProFTPD, up to and including version 1.3.0. The flaw is due to both a potential bus error and a definitive buffer overflow in the code which determines the FTP command buffer size limit. The vulnerability can be exploited only if the "CommandBufferSize" directive is explicitly used in the server configuration, which is not the case in the default configuration of ProFTPD.
061ad57de475b81795f7f9162860d0e6424a67bfe493a75cd523fc34b5103ef9OpenPKG Security Advisory OpenPKG-SA-2006.035 - As undisclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix, a Denial of Service (DoS) vulnerability exists in the FTP server ProFTPD, up to and including version 1.3.0. The flaw is due to both a potential bus error and a definitive buffer overflow in the code which determines the FTP command buffer size limit. The vulnerability can be exploited only if the "CommandBufferSize" directive is explicitly used in the server configuration -- which is not the case in OpenPKG's default configuration of ProFTPD.
9ed99273cbfc967a730fd8f826eceea026990c33c2599e4d71b7ba9c01a9b0fd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed