ProFTPd version 1.3.5 remote command execution exploit. This is a variant of the original vulnerability discovered in 2015 with credit going to R-73eN.
36d3e6266ecfe1baa5561af1301eeadc1a956f587f58731fbeed05f16dec3a89
A remote buffer overflow vulnerability has been found in mod_tls module of ProFTPD server. The vulnerability could allow a remote un-authenticated attacker to gain root privileges. All versions including 1.3.0a are affected.
180db6a4b1b074c7ba9c0cbafa633c372cb43221e144a3f006a87b5cc1661238
A remotely exploitable stack overflow vulnerability has been found in ProFTPD server. The vulnerability allows a remote authenticated attacker to gain root privileges. Versions below 1.3.0a are affected. Exploit included.
44821edac050385c866aa37abb8d208e6502ac703ffe9cb2ac41fc9b5ad38c8b
Secunia Security Advisory - A vulnerability has been reported in ProFTPD, which can be exploited by malicious people to cause a DoS (Denial of Service).
da4c3881ab9e8123f7a031b721bae2dfac8b2b4ccc6ceb7c6cd1a427596dfa4e
Secunia Security Advisory - Mandriva has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
fb1c61879b3e32dec185d0fb8db946e9cb13f1d0b0ef0e8a9b92cc0e18dfb4f3
Secunia Security Advisory - Debian has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
12bc6e1a6a15e416f4dd61e4dd7fd0e1f3b8d01a05de62fc6fd834275c5f021f
Debian Security Advisory 1218-1 - It was discovered that the proftpd FTP daemon performs insufficient validation of FTP command buffer size limits, which may lead to denial of service.
53c1c3fb027239e67fe8aaec759509b59c141ef9cbdf3bf3ae383afdc4b145c1
Mandriva Linux Security Advisory MDKSA-2006-217 - As disclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix, a Denial of Service (DoS) vulnerability exists in the FTP server ProFTPD, up to and including version 1.3.0. The flaw is due to both a potential bus error and a definitive buffer overflow in the code which determines the FTP command buffer size limit. The vulnerability can be exploited only if the "CommandBufferSize" directive is explicitly used in the server configuration, which is not the case in the default configuration of ProFTPD.
061ad57de475b81795f7f9162860d0e6424a67bfe493a75cd523fc34b5103ef9
OpenPKG Security Advisory OpenPKG-SA-2006.035 - As undisclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix, a Denial of Service (DoS) vulnerability exists in the FTP server ProFTPD, up to and including version 1.3.0. The flaw is due to both a potential bus error and a definitive buffer overflow in the code which determines the FTP command buffer size limit. The vulnerability can be exploited only if the "CommandBufferSize" directive is explicitly used in the server configuration -- which is not the case in OpenPKG's default configuration of ProFTPD.
9ed99273cbfc967a730fd8f826eceea026990c33c2599e4d71b7ba9c01a9b0fd
Secunia Security Advisory - Evgeny Legerov has reported a vulnerability in ProFTPD, which potentially can be exploited by malicious people to compromise a vulnerable system.
589b634fb842a729a2c23452cf0d06d461c1469ced5dd967d18803d53b0ca7b0
Secunia Security Advisory - Debian has issued an update for proftpd. This fixes two vulnerabilities, which can be exploited by malicious users to disclose certain sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
6bc9adbeb070e2740efe7601698817ffbdfc2a606d197be353790619b512084c
Gentoo Linux Security Advisory GLSA 200508-02 - infamous42md reported that ProFTPD is vulnerable to format string vulnerabilities when displaying a shutdown message containing the name of the current directory, and when displaying response messages to the client using information retrieved from a database using mod_sql. Versions less than 1.2.10-r7 are affected.
92e2e5ba42acd726b76870aec005d5d27b342c3b2d5a94e2daa39a52c0da932d
Secunia Security Advisory - Two vulnerabilities have been reported in ProFTPD, which can be exploited by malicious users to disclose certain sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
a7e5d8b6db68ed0f35e66b2344fb5e31fa88e08ae36db4ce0848a82b7cbae890
Gentoo Linux Security Advisory GLSA 200502-26 - gprostats, distributed with GProFTPD, is vulnerable to a format string vulnerability, potentially leading to the execution of arbitrary code. Versions below 8.1.9 are affected.
5c58385762a2a3d9824fbe2f656c8423e1edcecff5ca57268380e4f2eed46928
Remote proof of concept exploit for the ProFTPD 1.2.x user enumeration vulnerability.
1a9f67d4e3a545bb044fe39bd1c9b16e5d474cf940899ecfd73d586444949990
ProFTPD 1.2.x suffers from a vulnerability that allow for remote user enumeration. It is possible to determine which user names are valid, which are special, and which ones do not exist on the remote system. This can be accomplished by code execution path timing analysis attack at the ProFTPD login procedure.
2f9b4a192cb97ddf88d2f6a8b9f9136a5959de40a1d46bb06e05a1ac3cfe8582
Side-channel username verification against ProFTPd. Sends the USER command, and sees how long the server takes to respond, indicating whether the user exists or not. Obviously, this may produce false positives on slow network connections.
4c187c9a5ac561e7d40e6812cf15bf9b2bcd4aaf7a0db96b65136cfb08a387f5
ProFTPD versions below 1.2.9rc3 are susceptible to a couple off-by-one overflows. One was introduced after the patch was written to address the flaws listed here.
3f4cda1fa89c843e8b48e9db2c38b1267c17f66732fe1a08256f7ad41f9a03d4
Remote root exploit for ProFTPd 1.2.7-1.2.8.
237386f1bbbe4763fb37224b815cedc1bf10ec040c780c7b84f4873ef8f11ac1
Remote root exploit for ProFTPd versions 1.2.7 - 1.2.9rc2 that breaks the chroot and uses brute force. Tested against SuSE 8.0/8.1 and RedHat 7.2/8.0.
e1b8169e56e2b24443a163f1d695b621b114d4358c11fe13d71fa81194edffd3
ISS Security Advisory - A flaw in the ProFTPD Unix FTP server versions 1.2.7 through 1.2.9rc2 allows an attacker capable of uploading files the ability to trigger a buffer overflow and execute arbitrary code.
0b7e33b20eb6e39707bf6f99835e0d7b6a4c02fe435aa0e95c32fea7585d8dee
Proftpd v1.2.7rc3 and below remote denial of service exploit which requires a ftp user account or anonymous access to the ftp daemon. Consumes nearly all memory and alot of CPU. Tested against slackware 8.1 - proftpd 1.2.4 and 1.2.7rc3.
b472b47d7f8b3395438de6ee5627449c27fa18d2e9476e8790d13d7b98047093
ISS Security Alert Summary for April 5, 2001 - Volume 6 Number 5. 80 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: palm-debug-bypass-password, exchange-malformed-url-dos, mailx-bo, sunftp-gain-access, winzip-zipandemail-bo, broker-ftp-delete-files, broker-ftp-list-directories, indexu-gain-access, fastream-ftp-directory-traversal, slimserve-httpd-directory-traversal, wftpd-pro-bo, irc-tkserv-bo, warftp-directory-traversal, ie-telnet-execute-commands, cisco-aironet-web-access, netscape-directory-server-bo, proftpd-postinst-root, proftpd-var-symlink, man2html-remote-dos, linux-eperl-bo, novell-netware-unauthorized-access, sgmltools-symlink, hp-asecure-dos, ascdc-afterstep-bo, iis-webdav-dos, websweeper-http-dos, foldoc-cgi-execute-commands, slrn-wrapping-bo, mutt-imap-format-string, formmail-anonymous-flooding, halflife-config-file-bo, halflife-exec-bo, halflife-map-bo, halflife-map-format-string, ikonboard-cgi-read-files, timed-remote-dos, imap-ipop2d-ipop3d-bo, rwhod-remote-dos, snmpd-argv-bo, mesa-utahglx-symlink, ftpfs-bo, solaris-snmpxdmid-bo, vbulletin-php-elevate-privileges, mdaemon-webservices-dos, ssh-ssheloop-dos, eudora-html-execute-code, aspseek-scgi-bo, hslctf-http-dos, licq-url-execute-commands, superscout-bypass-filtering, dgux-lpsched-bo, rediplus-weak-security, fcheck-open-execute-commands, ntmail-long-url-dos, vim-elevate-privileges, ufs-ext2fs-data-disclosure, microsoft-invalid-digital-certificates, akopia-interchange-gain-access, solaris-perfmon-create-files, win-userdmp-insecure-permission, compaq-wbm-bypass-proxy, mdaemon-imap-command-dos, hp-newgrp-additional-privileges, lan-suite-webprox-dos, weblogic-browse-directories, solaris-tip-bo, sonicwall-ike-shared-keys, anaconda-clipper-directory-traversal, visual-studio-vbtsql-bo, sco-openserver-deliver-bo, sco-openserver-lpadmin-bo, sco-openserver-lpforms-bo, sco-openserver-lpshut-bo, sco-openserver-lpusers-bo, sco-openserver-recon-bo, sco-openserver-sendmail-bo, inframail-post-dos, cisco-vpn-telnet-dos, website-pro-remote-dos, and win-compressed-password-recovery.
60fe83921f94894a09c676373d0623af6b51e719ce9ecd75f68f018ab5f57856
This code exploits a bug in the glob() function used in some ftpd's (like proftpd, netbsd ftpd, iis ftpd). It sends a 'ls' command for which will take up about 100% of a systems memory, creating a very effective dos.
7f1cdb3862da20f5231d975f2a3cbd7fb8960b8beeaf13ca49ae65058f1a1479
ftpsed.pl is a perl script which exploits a denial of service vulnerability in Proftpd v1.2 and below. Requires a username and password.
697c7292c32b0c1b43a2055599df28cd1aac80583e074fdfabc4a4b2853e3725
ISS Security Alert Summary for January 1, 2001 - Volume 6 Number 2. 115 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: exmh-error-symlink, informix-webdriver-symlink, informix-webdriver-admin-access, zonealarm-mutex-dos, zonealarm-batfile-dos, shockwave-flash-swf-bo, macos-multiple-users, http-cgi-ikonboard, http-cgi-technote-main, xwindows-char-dos, 1stup-mail-server-bo, dialog-symlink, ibm-wcs-admin, http-cgi-technote-print, iis-web-form-submit, hpux-kermit-bo, bsguest-cgi-execute-commands, bslist-cgi-execute-commands, infinite-interchange-dos, oracle-execute-plsql, ksh-redirection-symlink, oracle-webdb-admin-access, infinite-interchange-dos, gnupg-detached-sig-modify, gnupg-reveal-private, zonealarm-nmap-scans, zonealarm-open-shares, win2k-index-service-activex, proftpd-size-memory-leak, weblogic-dot-bo, mdaemon-imap-dos, zope-calculate-roles, itetris-svgalib-path, bsd-ftpd-replydirname-bo, sonata-command-execute, solaris-catman-symlink, solaris-patchadd-symlink, stunnel-format-logfile, hp-top-sys-files, zope-legacy-names, mrj-runtime-malicious-applets, coffeecup-ftp-weak-encryption, watchguard-soho-fragmented-packets, jpilot-perms, mediaservices-dropped-connection-dos, watchguard-soho-web-auth, watchguard-soho-passcfg-reset, http-cgi-simplestguest, safeword-palm-pin-extraction, mdaemon-lock-bypass-password, cisco-catalyst-ssh-mismatch, microsoft-iis-file-disclosure, ezshopper-cgi-file-disclosure, winnt-mstask-dos, bftpd-site-chown-bo, aim-remote-bo, subscribemelite-gain-admin-access, zope-image-file, http-cgi-everythingform, http-cgi-simplestmail, http-cgi-ad, kde-kmail-weak-encryption, aolim-buddyicon-bo, aim-remote-bo, rppppoe-zero-length-dos, proftpd-modsqlpw-unauth-access, gnu-ed-symlink, oops-ftputils-bo, oracle-oidldap-write-permission, foolproof-security-bypass, broadvision-bv1to1-reveal-path, ssldump-format-strings, coldfusion-sample-dos, kerberos4-arbitrary-proxy, kerberos4-auth-packet-overflow, kerberos4-user-config, kerberos4-tmpfile-dos, homeseer-directory-traversal, offline-explorer-reveal-files, imail-smtp-auth-dos, apc-apcupsd-dos, cisco-catalyst-telnet-dos, ultraseek-reveal-path, irc-dreamforge-dns-dos, mailman-alternate-templates, markvision-printer-driver-bo, nt-ras-reg-perms, nt-snmp-reg-perms, nt-mts-reg-perms, irc-bitchx-dns-bo, ibm-db2-gain-access, ibm-db2-dos, vsu-source-routing, vsu-ip-bridging, ftp-servu-homedir-travers, cisco-cbos-web-access, watchguard-soho-get-dos, phone-book-service-bo, cisco-cbos-syn-packets, cisco-cbos-invalid-login, cisco-cbos-icmp-echo, linux-diskcheck-race-symlink, ie-form-file-upload, mssql-xp-paraminfo-bo, majordomo-auth-execute-commands, ie-print-template, aix-piobe-bo, aix-pioout-bo, aix-setclock-bo, aix-enq-bo, aix-digest-bo, and aix-setsenv-bo.
5e663d9821efd059b23f294cdfa745ad9b5a6aab6c5de4ec2febfa417d586623