FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

proftpd -- Long Command Processing Vulnerability

Affected packages
proftpd < 1.3.2rc2
proftpd-mysql < 1.3.2rc2
proftpd-devel < 1.3.20080922

Details

VuXML ID 0f51f2c9-8956-11dd-a6fe-0030843d3802
Discovery 2008-09-22
Entry 2008-09-23
Modified 2010-05-12

Secunia reports:

The vulnerability is caused due to the application truncating an overly long FTP command, and improperly interpreting the remainder string as a new FTP command. This can be exploited to execute arbitrary FTP commands with the privileges of another user by e.g. tricking the user into following malicious link.

[source]

References

CVE Name CVE-2008-4242
CVE Name CVE-2008-4247
URL http://bugs.proftpd.org/show_bug.cgi?id=3115
URL http://secunia.com/advisories/31930/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.