ProFTPD < 1.3.1rc1 mod_ctrls Module pr_ctrls_recv_request Function Local Overflow
Medium Nessus Plugin ID 17718
Synopsis
The remote FTP server is affected by a local buffer overflow vulnerability.
Description
The remote host is using ProFTPD, a free FTP server for Unix and Linux.
According to its banner, the version of ProFTPD installed on the remote host is earlier than 1.3.1rc1 and is affected by a local, stack-based buffer overflow. The function 'pr_ctrls_recv_request' in the file 'src/ctrls.c' belonging to the 'mod_ctrls' module does not properly handle large values in the 'reqarglen' parameter.
This error can allow a local attacker to execute arbitrary code.
Solution
Upgrade to ProFTPD version 1.3.1rc1 or later.
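
The check described above relies only on the version string in the FTP greeting. The following added example (not the plugin's own code) shows one way to make that comparison against 1.3.1rc1; the banner layout, the function names and the ordering of release candidates below plain releases and lettered releases above them are assumptions, and the sample banners are constructed.

```python
import re

FIXED = "1.3.1rc1"  # first fixed version named on this page

# Version forms handled: "1.3.0", "1.3.0a", "1.3.1rc2" (assumed scheme).
_VER = r"(\d+)\.(\d+)\.(\d+)(rc(\d+)|[a-z])?"
_BANNER_RE = re.compile(r"ProFTPD\s+" + _VER, re.I)
_VERSION_RE = re.compile(_VER, re.I)


def version_key(major, minor, patch, suffix, rc_num):
    """Sort key: rcN < plain release < lettered maintenance release."""
    if suffix is None:
        stage = (1, 0)
    elif suffix.lower().startswith("rc"):
        stage = (0, int(rc_num))
    else:
        stage = (2, ord(suffix.lower()) - ord("a") + 1)
    return (int(major), int(minor), int(patch)) + stage


def parse(text, pattern):
    """Return the sort key for the first version found, or None."""
    m = pattern.search(text)
    return version_key(*m.groups()) if m else None


def banner_is_affected(banner):
    """True/False from the banner; None if no ProFTPD version is advertised."""
    found = parse(banner, _BANNER_RE)
    if found is None:
        return None  # hidden or customised greeting: cannot decide from banner
    return found < parse(FIXED, _VERSION_RE)


if __name__ == "__main__":
    # Constructed greetings; 192.0.2.10 is a documentation address.
    samples = [
        "220 ProFTPD 1.3.0 Server (Constructed Example) [192.0.2.10]",
        "220 ProFTPD 1.3.0a Server (Constructed Example) [192.0.2.10]",
        "220 ProFTPD 1.3.1rc1 Server (Constructed Example) [192.0.2.10]",
        "220 FTP Server ready.",
    ]
    for line in samples:
        print(banner_is_affected(line), "<-", line)
```

A `None` result means the greeting carries no usable version, not that the host is unaffected; the banner also does not show whether mod_ctrls is in use, so confirm against the installed package.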