TITLE:
ProFTPD ASCII File Translation Off-By-One Vulnerability
SECUNIA ADVISORY ID:
SA11039
VERIFY ADVISORY:
http://secunia.com/advisories/11039/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
ProFTPD 1.2.x
DESCRIPTION:
Phantasmal Phantasmagoria has reported a vulnerability in ProFTPD,
which potentially can be exploited by malicious users to compromise a
vulnerable system.
The vulnerability is caused due to two off-by-one errors in the
"_xlate_ascii_write()" function. These can be exploited by sending a
specially crafted "RETR" FTP command with a 1023 bytes long argument
starting with a linefeed character.
Successful exploitation may allow execution of arbitrary code with
the privileges of ProFTPD.
The vulnerability has been reported in the following versions:
* 1.2.7/1.2.7p
* 1.2.8/1.2.8p
* 1.2.9rc1/1.2.9rc1p
* 1.2.9rc2/1.2.9rc2p
SOLUTION:
The vulnerabilities are reportedly not present in version 1.2.9rc3
and later.
http://www.proftpd.org/download.html
PROVIDED AND/OR DISCOVERED BY:
Phantasmal Phantasmagoria
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/