GNU Bash Environment Variable Handling Code Injection via ProFTPD (Shellshock)
Critical Nessus Plugin ID 77986
The remote FTP server is affected by a remote code execution vulnerability.
The remote FTP server is affected by a remote code execution vulnerability due to an error in the Bash shell running on the remote host. A remote, unauthenticated attacker can execute arbitrary code on the remote host by sending a specially crafted request via the USER FTP command. The 'mod_exec' module exports the attacker-supplied username as an environment variable, which is then evaluated by Bash as code.