Vulnerability & Exploit Database

Back to search

ProFTPD sreplace() stack overflow

Severity CVSS Published Added Modified
10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) November 10, 2006 January 24, 2007 February 13, 2015

Available Exploits 


ProFTPD releases prior to Nov 27, 2006 are susceptible to a stack-based buffer overflow which could allow an attacker to execute arbitrary code. The vulnerability relies on the sreplace() function, which is used by ProFTPD to expand built-in tokens into meaningful strings (such as the current working directory, a user name, etc.). The most common attack vector for this vulnerability is with the DisplayFirstChdir directive, which is enabled by default in most ProFTPD installations. This directive specifies a filename (usually ".message") which is processed automatically when a user creates a directory and executes a CHDIR to it for the first time. If the file specified by the DisplayFirstChdir directive is transferred to the directory (via a PUT command), ProFTPD will read the file automatically and pass the data to the vulnerable sreplace() function.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now




Related Vulnerabilities