ProFTPD 1.2.0rc2 Malformed cwd Command Format String

This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.


Synopsis :

It might be possible to run arbitrary code on this server.

Description :

The remote ProFTPD server is version 1.2.0rc2 or older.

This version contains a format string vulnerability that is very
hard to exploit but could allow an attacker to execute arbitrary
code on this host.

The vulnerability is, however, believed to be nearly impossible to
exploit.

Solution :

Upgrade to a newer version.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: FTP

Nessus Plugin ID: 11407

Bugtraq ID: 6781

CVE ID: CVE-2001-0318