FreeBSD : proftpd -- Remote Code Execution Vulnerability (cca97f5f-7435-11db-91de-0008743bf21a)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

FrSIRT reports :

A vulnerability has been identified in ProFTPD, which could be
exploited by attackers to cause a denial of service or execute
arbitrary commands. This flaw is due to a buffer overflow error in the
'main.c' file where the 'cmd_buf_size' size of the buffer used to
handle FTP commands sent by clients is not properly set to the size
configured via the 'CommandBufferSize' directive, which could be
exploited by attackers to compromise a vulnerable server via a
specially crafted FTP command.

See also :

http://www.frsirt.com/english/advisories/2006/4451
http://www.nessus.org/u?fe9abae7

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 23667 (freebsd_pkg_cca97f5f743511db91de0008743bf21a.nasl)

Bugtraq ID:

CVE ID:
