
ProFTPD sreplace() stack overflow

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: November 10, 2006
Added: January 24, 2007
Modified: December 04, 2013

Description

ProFTPD releases prior to Nov 27, 2006 are susceptible to a stack-based buffer overflow which could allow an attacker to execute arbitrary code. The vulnerability relies on the sreplace() function, which is used by ProFTPD to expand built-in tokens into meaningful strings (such as the current working directory, a user name, etc.). The most common attack vector for this vulnerability is with the DisplayFirstChdir directive, which is enabled by default in most ProFTPD installations. This directive specifies a filename (usually ".message") which is processed automatically when a user creates a directory and executes a CHDIR to it for the first time. If the file specified by the DisplayFirstChdir directive is transferred to the directory (via a PUT command), ProFTPD will read the file automatically and pass the data to the vulnerable sreplace() function.

Solution

  • Upgrade to the latest version of ProFTPD

    Download and apply the upgrade from: ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.2rc3.tar.gz

    Upgrade to the latest version of ProFTPD for your platform.

    • The latest stable release is 1.3.2, released on Feb 5, 2009.
    • The latest candidate release is 1.3.2rc4, released on Jan 23, 2009.

    See the ProFTPD website for more information on the latest release, including upgrade instructions.

  • Remove the Display* directives from proftpd.conf

    Modify the file '/etc/proftpd/proftpd.conf' or '/usr/local/etc/proftpd.conf' and comment out all lines with the DisplayFirstChdir, DisplayChdir, DisplayConnect, DisplayGoAway, DisplayLogin, or DisplayQuit directives by inserting a '#' character at the front of the line. You must restart the ProFTPD service for the changes to take effect.
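The workaround above can be checked and applied with a short script. This is an added example, not part of the original advisory or of ProFTPD; the function names and the sample configuration are constructed for illustration, and matching directive names case-insensitively is an assumption made to avoid missing a variant spelling.

```shell
#!/bin/sh
# Added example (not vendor code): find and comment out the Display* directives
# named in the advisory, writing the result to stdout instead of editing in place.
DISPLAY_DIRECTIVES="DisplayFirstChdir DisplayChdir DisplayConnect DisplayGoAway DisplayLogin DisplayQuit"

# awk prologue shared by both functions: build a lower-cased lookup set.
# Assumption: directive names are matched case-insensitively.
AWK_SET='BEGIN { n = split(tolower(names), a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }'

# Print "lineno:line" for each active (uncommented) Display* directive.
# $1 is the first whitespace-separated field, so indented directives inside
# <Anonymous>/<Directory> sections are found; "#DisplayLogin" is not in the set.
list_display_directives() {
    awk -v names="$DISPLAY_DIRECTIVES" "$AWK_SET"'
        (tolower($1) in want) { print NR ":" $0 }' "$1"
}

# Emit the config with a "#" placed at the very front of each matching line.
comment_display_directives() {
    awk -v names="$DISPLAY_DIRECTIVES" "$AWK_SET"'
        (tolower($1) in want) { print "#" $0; next }
        { print }' "$1"
}

# Constructed sample configuration (not taken from a real host).
sample_conf() {
    cat <<'EOF'
ServerName "ftp.example.test"
DisplayLogin welcome.msg
# DisplayConnect /etc/issue
<Anonymous ~ftp>
  displayfirstchdir .message
  DisplayChdir .message true
</Anonymous>
EOF
}

# Usage: script [path-to-proftpd.conf]; falls back to the sample above.
conf="${1:-}"; tmp=""
if [ ! -f "$conf" ]; then
    tmp="${TMPDIR:-/tmp}/proftpd-sample.$$.conf"; conf="$tmp"
    sample_conf > "$conf"
fi
echo "Active Display* directives in $conf:"
list_display_directives "$conf"
echo "--- hardened config ---"
comment_display_directives "$conf"
[ -z "$tmp" ] || rm -f "$tmp"
```

Review the hardened output before replacing the live file, then restart ProFTPD and rerun the listing function to confirm it reports nothing.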
