ProFTPD _xlate_ascii_write() Function RETR Command Remote Overflow

2004-03-02T05:09:56
ID OSVDB:4134
Type osvdb
Reporter Phantasmal Phantasmagoria (phantasmal@hush.ai)
Modified 2004-03-02T05:09:56

Description

Vulnerability Description

A remote overflow exists in ProFTPD, caused by an off-by-one error in the _xlate_ascii_write function. With a specially crafted request using the RETR command, containing 1023 bytes or more and beginning with an LF (Line Feed) character, an attacker can execute arbitrary code on the system with the privileges of ProFTPD, resulting in a loss of confidentiality, integrity and availability.

Solution Description

Upgrade to the latest version of ProFTPD (1.2.9rc3 or later), which has been reported to fix this vulnerability. An upgrade is required because there are no known workarounds.

References:

Vendor URL: http://www.proftd.org
Secunia Advisory ID: 11039
Other Advisory URL: http://www.securityfocus.com/archive/1/355933
Keyword: ProFTPD, _xlate_ascii_write, ASCII, buffer overflow, RETR
ISS X-Force ID: 15387
CVE ID: CVE-2004-0346
Bugtraq ID: 9782