FreeBSD : proftpd -- arbitrary code execution vulnerability with chroot (022a4c77-2da4-11e1-b356-00215c6a37bb)
High Nessus Plugin ID 57402
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionThe FreeBSD security advisory FreeBSD-SA-11:07.chroot reports :
If ftpd is configured to place a user in a chroot environment, then an attacker who can log in as that user may be able to run arbitrary code(...).
Proftpd shares the same problem of a similar nature.
SolutionUpdate the affected packages.