proftpd -- Remote Code Execution Vulnerability

2006-11-10T00:00:00
ID CCA97F5F-7435-11DB-91DE-0008743BF21A
Type freebsd
Reporter FreeBSD
Modified 2006-11-15T00:00:00

Description

FrSIRT reports:

A vulnerability has been identified in ProFTPD, which could be exploited by attackers to cause a denial of service or execute arbitrary commands. This flaw is due to a buffer overflow error in the "main.c" file where the "cmd_buf_size" size of the buffer used to handle FTP commands sent by clients is not properly set to the size configured via the "CommandBufferSize" directive, which could be exploited by attackers to compromise a vulnerable server via a specially crafted FTP command.