ProFTPD File Transfer Newline Character Overflow

This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.


Synopsis :

Arbitrary code may be run on the remote server.

Description :

The remote host is running a version of ProFTPD that appears to be
vulnerable to a buffer overflow when a user downloads a malformed ASCII
file.

An attacker with upload privileges on this host may abuse this flaw to
gain a root shell.

*** The author of ProFTPD did not increase the version number
*** of his product when fixing this issue, so this might be a false
*** positive.

Solution :

Upgrade to ProFTPD 1.2.9 when available, or to 1.2.8p.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 11849

Bugtraq ID: 8679

CVE ID: CVE-2003-0831