ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

This update fixes a security issue where an attacker could conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands. It also fixes some SSL shutdown issues seen with certain clients.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

multiple vulnerabilities has been identified and fixed in proftpd :

ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. (CVE-2008-4242)

SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a '%' (percent) character in the username, which introduces a ''' (single quote) character during variable substitution by mod_sql.
(CVE-2009-0542)

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres. (CVE-2009-0543)

The updated packages have been upgraded to the latest proftpd version (1.3.2) to prevent this.

Maksymilian Arciemowicz of securityreason.com reported that ProFTPD is vulnerable to cross-site request forgery (CSRF) attacks and executes arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

The remote host is using ProFTPD, a free FTP server for Unix and Linux.

The version of ProFTPD running on the remote host splits an overly long FTP command into a series of shorter ones and executes each in turn.  If an attacker can trick a ProFTPD administrator into accessing a specially-formatted HTML link, arbitrary FTP commands could be executed in the context of the affected application with the administrator's privileges.

Secunia reports :

The vulnerability is caused due to the application truncating an overly long FTP command, and improperly interpreting the remainder string as a new FTP command. This can be exploited to execute arbitrary FTP commands with the privileges of another user by e.g.
tricking the user into following malicious link.

The remote host is using ProFTPD, a free FTP server for Unix and Linux.  The version of ProFTPD running on the remote host splits an overly long FTP command into a series of shorter ones and executes each in turn.  If an attacker can trick a ProFTPD administrator into accessing a specially-formatted HTML link, he may be able to cause arbitrary FTP commands to be executed in the context of the affected application with the administrator's privileges.

ID	Name	Product	Family	Severity
37525	Fedora 10 : proftpd-1.3.1-8.fc10 (2009-0089)	Nessus	Fedora Local Security Checks	medium
37354	Mandriva Linux Security Advisory : proftpd (MDVSA-2009:061)	Nessus	Mandriva Local Security Checks	high
35393	Fedora 8 : proftpd-1.3.1-8.fc8 (2009-0195)	Nessus	Fedora Local Security Checks	medium
35389	Fedora 9 : proftpd-1.3.1-8.fc9 (2009-0064)	Nessus	Fedora Local Security Checks	medium
35252	Debian DSA-1689-1 : proftpd-dfsg - missing input validation	Nessus	Debian Local Security Checks	medium
34265	ProFTPD Command Truncation Cross-Site Request Forgery	Nessus	FTP	medium
34256	FreeBSD : proftpd -- Long Command Processing Vulnerability (0f51f2c9-8956-11dd-a6fe-0030843d3802)	Nessus	FreeBSD Local Security Checks	high
4687	ProFTPD Command Truncation Cross-Site Request Forgery	Nessus Network Monitor	FTP Servers	medium
801026	ProFTPD Command Truncation Cross-Site Request Forgery	Log Correlation Engine	FTP Servers	medium

Detections

Analytics

CVE-2008-4242

high

Tenable Plugins

medium

high

medium

medium

medium

medium

high

medium

medium