Detections
Analytics

GLSA-200611-26 : ProFTPD: Remote execution of arbitrary code

critical Nessus Plugin ID 23762

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200611-26 (ProFTPD: Remote execution of arbitrary code)

 Evgeny Legerov discovered a stack-based buffer overflow in the s_replace() function in support.c, as well as a buffer overflow in in the mod_tls module. Additionally, an off-by-two error related to the CommandBufferSize configuration directive was reported.
 Impact :

 An authenticated attacker could exploit the s_replace() vulnerability by uploading a crafted .message file or sending specially crafted commands to the server, possibly resulting in the execution of arbitrary code with the rights of the user running ProFTPD. An unauthenticated attacker could send specially crafted data to the server with mod_tls enabled which could result in the execution of arbitrary code with the rights of the user running ProFTPD. Finally, the off-by-two error related to the CommandBufferSize configuration directive was fixed - exploitability of this error is disputed. Note that the default configuration on Gentoo is to run ProFTPD as an unprivileged user, and has mod_tls disabled.
 Workaround :

 There is no known workaround at this time.

Solution

All ProFTPD users should upgrade to the latest version:
 # emerge --sync # emerge --ask --oneshot --verbose '>=net-ftp/proftpd-1.3.0a'

See Also

https://security.gentoo.org/glsa/200611-26

Plugin Details

Severity: Critical

ID: 23762

File Name: gentoo_GLSA-200611-26.nasl

Version: 1.15

Type: local

Published: 12/4/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:proftpd, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/30/2006

Vulnerability Publication Date: 10/5/2006

Exploitable With

Metasploit (ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux))

Reference Information

CVE: CVE-2006-5815, CVE-2006-6170, CVE-2006-6171

CWE: 119

GLSA: 200611-26