FreeBSD : proftpd -- remote code execution vulnerability (533d20e7-f71f-11df-9ae1-000bcdf0a03b)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Tippingpoint reports :

This vulnerability allows remote attackers to execute arbitrary code
on vulnerable installations of ProFTPD. Authentication is not required
to exploit this vulnerability.

The flaw exists within the proftpd server component which listens by
default on TCP port 21. When reading user input if a TELNET_IAC escape
sequence is encountered the process miscalculates a buffer length
counter value allowing a user controlled copy of data to a stack
buffer. A remote attacker can exploit this vulnerability to execute
arbitrary code under the context of the proftpd process.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-10-229/
http://www.nessus.org/u?72d40435

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 50700 ()

Bugtraq ID: 44562

CVE ID: CVE-2010-4221

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now