ProFTPD < 1.3.1rc1 mod_ctrls Module pr_ctrls_recv_request Function Local Overflow

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by a local buffer overflow
vulnerability.

Description :

The remote host is using ProFTPD, a free FTP server for Unix and
Linux.

According to its banner, the version of ProFTPD installed on the
remote host is earlier than 1.3.1rc1 and is affected by a local,
stack-based buffer overflow. The function 'pr_ctrls_recv_request' in
the file 'src/ctrls.c' belonging to the 'mod_ctrls' module does not
properly handle large values in the 'reqarglen' parameter.

This error can allow a local attacker to execute arbitrary code.
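
The banner-based version comparison described above, as an added example (not the plugin's own code). It assumes the usual ProFTPD greeting of the form '220 ProFTPD <version> Server ...' and ProFTPD's release naming, where 'rcN' builds precede the plain release and lettered builds such as '1.3.0a' follow it; the sample banners are constructed.

```python
import re

# Fixed release named on the page; every version that sorts below it is flagged.
FIXED = "1.3.1rc1"

_BANNER_RE = re.compile(r"ProFTPD\s+(\d+(?:\.\d+)*(?:rc\d+|[a-z])?)\b", re.I)
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:rc(\d+)|([a-z]))?$", re.I)


def version_key(version):
    """Sortable key: release candidates sort before the plain release,
    lettered maintenance releases (e.g. 1.3.0a) sort after it (assumed scheme)."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError("unrecognised ProFTPD version: %r" % version)
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))          # pad so 1.3 compares like 1.3.0
    if m.group(2):                          # rcN  -> before the release
        stage = (0, int(m.group(2)))
    elif m.group(3):                        # a, b -> after the release
        stage = (2, ord(m.group(3).lower()) - ord("a") + 1)
    else:                                   # plain release
        stage = (1, 0)
    return nums + stage


def banner_is_affected(banner):
    """True/False when the banner reports a version, None when it hides it."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    return version_key(m.group(1)) < version_key(FIXED)


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "220 ProFTPD 1.3.0 Server (ProFTPD Default Installation) [192.0.2.10]",
        "220 ProFTPD 1.3.0a Server (ftp.example.test) [192.0.2.11]",
        "220 ProFTPD 1.3.1rc1 Server (ftp.example.test) [192.0.2.12]",
        "220 ProFTPD 1.3.1 Server (ftp.example.test) [192.0.2.13]",
        "220 FTP Server ready.",
    ]
    for line in samples:
        print(banner_is_affected(line), line)
```

A banner match says nothing about backported fixes or whether mod_ctrls is actually in use, so treat a True result as a prompt to check the installed package and configuration on the host.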

See also :

http://www.securityfocus.com/archive/1/archive/1/454320/100/0/threaded
http://sourceforge.net/mailarchive/message.php?msg_id=168826

Solution :

Upgrade to ProFTPD version 1.3.1rc1 or later.

Risk factor :

Medium / CVSS Base Score : 6.6
(CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 5.5
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 17718

Bugtraq ID: 21587

CVE ID: CVE-2006-6563