ProFTPD Command Truncation Cross-Site Request Forgery

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.

Synopsis :

The remote FTP server is prone to a cross-site request forgery attack.

Description :

The remote host is using ProFTPD, a free FTP server for Unix and

The version of ProFTPD running on the remote host splits an overly
long FTP command into a series of shorter ones and executes each in
turn. If an attacker can trick a ProFTPD administrator into accessing
a specially formatted HTML link, arbitrary FTP commands could be
executed in the context of the affected application with the
administrator's privileges.
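
The splitting behaviour described above, shown as an added C example (not ProFTPD's code and not part of the plugin): a reader that hands the remainder of an over-long line back as further commands, next to one that rejects the whole line. CMD_MAX, SAMPLE, read_split, read_strict and dispatched are hypothetical names, and the input is constructed.

```c
#include <stdio.h>

#define CMD_MAX 16 /* assumed tiny limit so the effect is visible */

/* Constructed input: ONE client line (37 bytes), longer than CMD_MAX. */
static const char SAMPLE[] = "NOOP " "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "\r\n";

/* Flawed reader: copies at most CMD_MAX-1 bytes and stops. The rest of the
 * line stays in the stream and is returned by the next call as a "command". */
static int read_split(const char **in, char *out) {
    size_t n = 0;
    if (**in == '\0') return 0;
    while (**in && n < CMD_MAX - 1) {
        char c = *(*in)++;
        out[n++] = c;
        if (c == '\n') break;
    }
    out[n] = '\0';
    return 1;
}

/* Hardened reader: an over-long line is consumed up to its newline and
 * reported as -1, so the caller rejects it as a single bad command. */
static int read_strict(const char **in, char *out) {
    size_t n = 0;
    int too_long = 0;
    if (**in == '\0') return 0;
    while (**in) {
        char c = *(*in)++;
        if (c == '\n') break;
        if (n < CMD_MAX - 1) out[n++] = c; else too_long = 1;
    }
    out[n] = '\0';
    return too_long ? -1 : 1;
}

/* Count how many chunks of `input` would reach the command dispatcher. */
static int dispatched(const char *input, int (*rd)(const char **, char *)) {
    char buf[CMD_MAX];
    int r, count = 0;
    while ((r = rd(&input, buf)) != 0)
        if (r > 0) count++;
    return count;
}

int main(void) {
    printf("split=%d strict=%d\n", dispatched(SAMPLE, read_split), dispatched(SAMPLE, read_strict));
    return 0;
}
```

With the flawed reader the single line is dispatched as three separate commands; the strict reader dispatches none and leaves the stream positioned at the next real command.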

See also :

Solution :

Apply the patch included in the bug report or upgrade to the latest
version in CVS.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.6
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 34265

Bugtraq ID: 31289

CVE ID: CVE-2008-4242