The Community Forums


ProFTPD Server

Discussion in 'General Discussion' started by alkahf.com, Mar 14, 2004.

  1. alkahf.com

    alkahf.com Member

    1 - FTP Servers : ProFTPD ASCII File Transfer Buffer Overrun Vulnerability

    Port: 21

    Description:
    A remotely exploitable buffer overrun vulnerability has been reported in ProFTPD. This issue could be triggered if an attacker uploads a malformed file and then that file is downloaded in ASCII mode. Successful exploitation will permit a malicious FTP user with upload access to execute arbitrary code in the context of the FTP server. It is also reported that ProFTPD does not adequately drop privileges in some circumstances, which may compound the risks associated with exploitation. This issue could also affect versions prior to 1.2.7, though this has not been confirmed.

    How to fix?
    Upgrade to the current version of ProFTPD Server.

    Risk Level: High

    Related Links: ProFTPD Homepage. ftp://ftp.proftpd.org


    CVE: CAN-2003-0831 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0831

    BugtraqID: 8679 http://www.securityfocus.com/bid/8679


    2 - FTP Servers : ProFTPD SQL Injection mod_sql Vulnerability

    Description:
    ProFTPD has been reported prone to SQL injection attacks. Specifically, ProFTPD versions that use the mod_sql module to manipulate PostgreSQL databases are prone to SQL injection attacks. The vulnerability occurs due to insufficient sanitization of user-supplied data when logging onto the FTP server.

    How to fix?
    Upgrade to the current version of ProFTPD Server.

    Risk Level: High

    Related Links: ProFTPD Homepage. ftp://ftp.proftpd.org


    CVE: CVE-MAP-NOMATCH http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-MAP-NOMATCH

    BugtraqID: 7974 http://www.securityfocus.com/bid/7974
     
  2. BrightAdmin

    BrightAdmin Well-Known Member

    Hi,


    For FTP Servers: ProFTPD ASCII File Transfer Buffer Overrun Vulnerability, try the remedy found at
    http://xforce.iss.net/xforce/xfdb/12200

    For FTP Servers: ProFTPD SQL Injection mod_sql Vulnerability,
    do not use mod_sql with ProFTPD until an update is available.

    Regards,

    Bright:)
     