FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

proftpd -- format string vulnerabilities

Affected packages
proftpd < 1.3.0.rc2
proftpd-mysql < 1.3.0.rc2

Details

VuXML ID c28f4705-043f-11da-bc08-0001020eed82
Discovery 2005-07-26
Entry 2005-08-03

The ProFTPD release notes state:

sean <infamous42md at hotpop.com> found two format string vulnerabilities, one in mod_sql's SQLShowInfo directive, and one involving the 'ftpshut' utility. Both can be considered low risk, as they require active involvement on the part of the site administrator in order to be exploited.

These vulnerabilities could potentially lead to information disclosure, a denial-of-service situation, or execution of arbitrary code with the permissions of the user running ProFTPD.

References

CVE Name CVE-2005-2390
URL http://www.gentoo.org/security/en/glsa/glsa-200508-02.xml
URL http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2