FreeBSD : proftpd -- Remote Code Execution Vulnerability (cca97f5f-7435-11db-91de-0008743bf21a)
High Nessus Plugin ID 23667
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionFrSIRT reports :
A vulnerability has been identified in ProFTPD, which could be exploited by attackers to cause a denial of service or execute arbitrary commands. This flaw is due to a buffer overflow error in the 'main.c' file where the 'cmd_buf_size' size of the buffer used to handle FTP commands sent by clients is not properly set to the size configured via the 'CommandBufferSize' directive, which could be exploited by attackers to compromise a vulnerable server via a specially crafted FTP command.
SolutionUpdate the affected packages.