ProFTPD File Transfer Newline Character Overflow

This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.

Synopsis :

Arbitrary code may be run on the remote server.

Description :

The remote host is running a version of ProFTPD which seems to be
vulnerable to a buffer overflow when a user downloads a malformed ASCII

An attacker with upload privileges on this host may abuse this flaw to
gain a root shell on this host.

*** The author of ProFTPD did not increase the version number
*** of his product when fixing this issue, so this might be a
*** false positive.

Solution :

Upgrade to ProFTPD 1.2.9 when available, or to 1.2.8p.

Risk factor :

High / CVSS Base Score : 9.0
CVSS Temporal Score : 7.4
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 11849

Bugtraq ID: 8679

CVE ID: CVE-2003-0831
