ProFTPD FTP Command Handling Symlink Arbitrary File Overwrite

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by an arbitrary file overwrite
vulnerability.

Description :

The remote host is using ProFTPD, a free FTP server for Unix and Linux.
According to its banner, the version of ProFTPD installed on the remote
host earlier than 1.3.4c. As such, it is potentially affected by a race
condition error that does not securely create temporary files related to
symlinks and newly created directories. A local, attacker could
leverage this issue to overwrite arbitrary files and elevate privileges.

Note that Nessus did not actually test for the flaw but has instead
relied on the version in ProFTPD's banner.

See also :

http://proftpd.org/docs/RELEASE_NOTES-1.3.4c
http://proftpd.org/docs/RELEASE_NOTES-1.3.5rc1
http://bugs.proftpd.org/show_bug.cgi?id=3841

Solution :

Upgrade to 1.3.4c / 1.3.5rc1 or apply the patch from the vendor.

Risk factor :

Low / CVSS Base Score : 1.2
(CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 0.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: FTP

Nessus Plugin ID: 66970 ()

Bugtraq ID: 57172

CVE ID: CVE-2012-6095