ProFTPD TELNET IAC Escape Sequence Remote Buffer Overflow

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote ProFTP daemon is affected by a buffer overflow
vulnerability.

Description :

The remote ProFTP daemon is susceptible to an overflow condition. The
TELNET_IAC escape sequence handling fails to properly sanitize user-
supplied input resulting in a stack overflow. With a specially crafted
request, an unauthenticated, remote attacker could potentially execute
arbitrary code.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-10-229/
http://bugs.proftpd.org/show_bug.cgi?id=3521
http://www.proftpd.org/docs/NEWS-1.3.3c

Solution :

Upgrade to version 1.3.3c or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 70446 ()

Bugtraq ID: 44562

CVE ID: CVE-2010-4221