ProFTPD Multiple Remote Overflows (palmetto)

critical Nessus Plugin ID 10464

Synopsis

Arbitrary code may be run on the remote server.

Description

The remote ProFTPd server is running a 1.2.0preN version.

All the 1.2.0preN versions contain several security flaws that allow an attacker to execute arbitrary code on this host.

Solution

Upgrade to a fixed FTP server - http://www.proftpd.net

Plugin Details

Severity: Critical

ID: 10464

File Name: proftpd_pre10.nasl

Version: 1.25

Type: remote

Family: FTP

Published: 7/15/2000

Updated: 7/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:proftpd:proftpd

Required KB Items: ftp/proftpd

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/27/1999

Vulnerability Publication Date: 2/9/1999

Reference Information

CVE: CVE-1999-0368

BID: 2242