ProFTPD sreplace() stack overflow
|10||(AV:N/AC:L/Au:N/C:C/I:C/A:C)||November 10, 2006||January 24, 2007||July 13, 2012|
ProFTPD releases prior to Nov 27, 2006 are susceptible to a stack-based buffer overflow which could allow an attacker to execute arbitrary code. The vulnerability relies on the sreplace() function, which is used by ProFTPD to expand built-in tokens into meaningful strings (such as the current working directory, a user name, etc.). The most common attack vector for this vulnerability is with the DisplayFirstChdir directive, which is enabled by default in most ProFTPD installations. This directive specifies a filename (usually ".message") which is processed automatically when a user creates a directory and executes a CHDIR to it for the first time. If the file specified by the DisplayFirstChdir directive is transferred to the directory (via a PUT command), ProFTPD will read the file automatically and pass the data to the vulnerable sreplace() function.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
- DEBIAN: http://www.debian.org/security/dsa-1222
- SECUNIA: http://secunia.com/advisories/22803/
- SECUNIA: http://secunia.com/advisories/22821/
- SECUNIA: http://secunia.com/advisories/23000/
- SECUNIA: http://secunia.com/advisories/23069/
- SECUNIA: http://secunia.com/advisories/23125/
- SECUNIA: http://secunia.com/advisories/23174/
- SECUNIA: http://secunia.com/advisories/23179/
- SECUNIA: http://secunia.com/advisories/23184/
- SECUNIA: http://secunia.com/advisories/23207/
- URL: http://bugs.proftpd.org/show_bug.cgi?id=2858
- URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:217
- URL: http://gleg.net/vulndisco_meta.shtml
- URL: http://www.frsirt.com/english/advisories/2006/4451
- URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1
- URL: http://www.securityfocus.com/archive/1/archive/1/452760/100/200/threaded
- URL: http://www.trustix.org/errata/2006/0066/
- URL: http://www.trustix.org/errata/2006/0070
- URL: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820
- XF: http://xforce.iss.net/xforce/xfdb/30147
- Upgrade to the latest version of ProFTPD
Download and apply the upgrade from: ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.2rc3.tar.gz
Upgrade to the latest version of ProFTPD for your platform.
- The latest stable release is 1.3.2, released on Feb 5, 2009.
- The latest candidate release is 1.3.2rc4, released on Jan 23, 2009.
See the ProFTPD website for more information on the latest release, including upgrade instructions.
- Remove the Display* directives from proftpd.conf
Modify the file '/etc/proftpd/proftpd.conf' or '/usr/local/etc/proftpd.conf' and comment out all lines with the DisplayFirstChdir, DisplayChdir, DisplayConnect, DisplayGoAway, DisplayLogin, or DisplayQuit directives by appending a '#' character at the front of the line. You must restart the ProFTPD service for the changes to take effect.