ProFTPD < 1.3.1rc1 mod_ctrls Module pr_ctrls_recv_request Function Local Overflow

Medium Nessus Plugin ID 17718

Synopsis

The remote FTP server is affected by a local buffer overflow vulnerability.

Description

The remote host is using ProFTPD, a free FTP server for Unix and Linux.

According to its banner, the version of ProFTPD installed on the remote host is earlier than 1.3.1rc1 and is affected by a local, stack-based buffer overflow. The function 'pr_ctrls_recv_request' in the file 'src/ctrls.c' belonging to the 'mod_ctrls' module does not properly handle large values in the 'reqarglen' parameter.

This error can allow a local attacker to execute arbitrary code.

Solution

Upgrade to ProFTPD version 1.3.1rc1 or later.

See Also

http://www.securityfocus.com/archive/1/archive/1/454320/100/0/threaded

http://sourceforge.net/mailarchive/message.php?msg_id=168826

Plugin Details

Severity: Medium

ID: 17718

File Name: proftpd_1_3_1_rc1.nasl

Version: 1.6

Type: remote

Family: FTP

Published: 2011/11/18

Modified: 2018/07/25

Dependencies: 10084, 10092

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.6

Temporal Score: 5.5

Vector: CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:proftpd:proftpd

Required KB Items: ftp/proftpd, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2006/12/12

Vulnerability Publication Date: 2006/12/12

Exploitable With

Core Impact

Reference Information

CVE: CVE-2006-6563

BID: 21587

EDB-ID: 394, 3330, 3333