Sign In
Register
Help
Quote
Summary
ISS X-Force has discovered a flaw in the ProFTPD UNIX FTP server. ProFTPD is a highly configurable FTP (File Transfer Protocol) server for UNIX that allows for per-directory access restrictions, easy configuration of virtual FTP servers, and support for multiple authentication mechanisms. A flaw exists in the ProFTPD component that handles incoming ASCII file transfers.
Details
Affected Versions:
* ProFTPD version 1.2.7
* ProFTPD version 1.2.8
* ProFTPD version 1.2.8rc1
* ProFTPD version 1.2.8rc2
* ProFTPD version 1.2.9rc1
* ProFTPD version 1.2.9rc2
Note: versions before version 1.2.7 may also be vulnerable.
A vulnerability exists in the ProFTPD server that can be triggered by remote attackers when transferring files from the FTP server in ASCII mode. The attacker must have the ability to upload a file to the server, and then attempt to download the same file to trigger the vulnerability.
The vulnerability occurs when a file is being transferred in ASCII mode. During a transfer of this type, file data is examined in 1024 byte chunks to check for newline (\n) characters. The translation of these newline characters is not handled correctly, and a buffer overflow can manifest if ProFTPD parses a specially crafted file.
The ProFTPD daemon makes an effort to drop superuser privileges to limit the privilege level associated with any successful attack. However, X-Force has demonstrated that this security check can be bypassed, and superuser access can be gained by a remote attacker.
Impact:
An attacker capable of uploading files to the vulnerable system can trigger a buffer overflow and execute arbitrary code to gain complete control of the system. Attackers may use this vulnerability to destroy, steal, or manipulate data on vulnerable FTP sites.
Workaround:
Successful exploitation is not possible if attackers cannot upload files to a vulnerable FTP server. Where possible it is advisable to disable the ability for users to perform FTP uploads, either with file permissions or using ProFTPD configuration parameters:
<Limit WRITE>
DenyAll
</Limit>
Risk can also be mitigated by using configuration options that cause root privileges to be dropped altogether by the ProFTPD daemon (although this feature may disable certain ProFTPD functionality):
RootRevoke on
X-Force recommends that ProFTPD users upgrade to the patched version of ProFTPD when it becomes available.
ISS X-Force has discovered a flaw in the ProFTPD UNIX FTP server. ProFTPD is a highly configurable FTP (File Transfer Protocol) server for UNIX that allows for per-directory access restrictions, easy configuration of virtual FTP servers, and support for multiple authentication mechanisms. A flaw exists in the ProFTPD component that handles incoming ASCII file transfers.
Details
Affected Versions:
* ProFTPD version 1.2.7
* ProFTPD version 1.2.8
* ProFTPD version 1.2.8rc1
* ProFTPD version 1.2.8rc2
* ProFTPD version 1.2.9rc1
* ProFTPD version 1.2.9rc2
Note: versions before version 1.2.7 may also be vulnerable.
A vulnerability exists in the ProFTPD server that can be triggered by remote attackers when transferring files from the FTP server in ASCII mode. The attacker must have the ability to upload a file to the server, and then attempt to download the same file to trigger the vulnerability.
The vulnerability occurs when a file is being transferred in ASCII mode. During a transfer of this type, file data is examined in 1024 byte chunks to check for newline (\n) characters. The translation of these newline characters is not handled correctly, and a buffer overflow can manifest if ProFTPD parses a specially crafted file.
The ProFTPD daemon makes an effort to drop superuser privileges to limit the privilege level associated with any successful attack. However, X-Force has demonstrated that this security check can be bypassed, and superuser access can be gained by a remote attacker.
Impact:
An attacker capable of uploading files to the vulnerable system can trigger a buffer overflow and execute arbitrary code to gain complete control of the system. Attackers may use this vulnerability to destroy, steal, or manipulate data on vulnerable FTP sites.
Workaround:
Successful exploitation is not possible if attackers cannot upload files to a vulnerable FTP server. Where possible it is advisable to disable the ability for users to perform FTP uploads, either with file permissions or using ProFTPD configuration parameters:
<Limit WRITE>
DenyAll
</Limit>
Risk can also be mitigated by using configuration options that cause root privileges to be dropped altogether by the ProFTPD daemon (although this feature may disable certain ProFTPD functionality):
RootRevoke on
X-Force recommends that ProFTPD users upgrade to the patched version of ProFTPD when it becomes available.
----edit----
just found out this is old, (late 2k3) can someone delete this
MultiQuote
