ProFTPD sreplace() stack overflow

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: November 09, 2006
Added: January 23, 2007
Modified: December 03, 2013

Description

ProFTPD releases prior to Nov 27, 2006 are susceptible to a stack-based buffer overflow that could allow an attacker to execute arbitrary code. The vulnerability is in the sreplace() function, which ProFTPD uses to expand built-in tokens into meaningful strings (such as the current working directory, a user name, etc.). The most common attack vector for this vulnerability is the DisplayFirstChdir directive, which is enabled by default in most ProFTPD installations. This directive specifies a filename (usually ".message") that is processed automatically when a user creates a directory and executes a CHDIR to it for the first time. If the file specified by the DisplayFirstChdir directive is transferred to the directory (via a PUT command), ProFTPD will read the file automatically and pass the data to the vulnerable sreplace() function.
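The class of defect described above, token expansion into a fixed-size buffer, is avoided by checking the remaining capacity before every write. The following is an added example, not ProFTPD's source or its patch; the function name, the struct and the token names used with it are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical token/value pair; illustrative only, not ProFTPD's API. */
struct token { const char *name; const char *value; };

/*
 * Expand tokens found in `src` into `dst` (capacity `cap`, NUL included).
 * Returns the output length, or -1 if the expansion would not fit. On
 * failure `dst` holds an empty string instead of a truncated expansion.
 */
long expand_tokens(char *dst, size_t cap, const char *src,
                   const struct token *toks, size_t ntoks)
{
    size_t out = 0;

    if (dst == NULL || cap == 0 || src == NULL)
        return -1;

    while (*src != '\0') {
        const char *piece = src;            /* default: one literal byte */
        size_t piece_len = 1, consumed = 1;

        for (size_t i = 0; i < ntoks; i++) {
            size_t nlen = strlen(toks[i].name);
            if (nlen > 0 && strncmp(src, toks[i].name, nlen) == 0) {
                piece = toks[i].value;
                piece_len = strlen(toks[i].value);
                consumed = nlen;
                break;
            }
        }

        /* Compare against the space left, keeping one byte for the NUL.
         * `out` never exceeds cap - 1, so the subtraction cannot wrap. */
        if (piece_len > cap - 1 - out) {
            dst[0] = '\0';
            return -1;
        }
        memcpy(dst + out, piece, piece_len);
        out += piece_len;
        src += consumed;
    }
    dst[out] = '\0';
    return (long)out;
}
```

The caller treats -1 as a refusal to display the file, so attacker-supplied content can make the expansion fail but cannot make it write past the buffer.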

Solution

proftpd-upgrade-latest