ProFTPD postinst Installation Privilege Escalation

2001-03-07T00:00:00
ID OSVDB:5638
Type osvdb
Reporter OSVDB
Modified 2001-03-07T00:00:00

Description

Vulnerability Description

Debian ProFTPD package installation scripts contain a flaw that leaves the service running as 'uid/root'. The issue is triggered when installation of the package occurs. It is possible that the flaw may allow unintended file system privileges, resulting in a loss of confidentiality.

Technical Description

Debian ProFTPD packages prior to 1.2.0pre10-2.0potato1 contain a configuration error in the postinst script that could allow an attacker to gain root access. If anonymous access is enabled during installation, the postinst script adds the 'run as uid/gid nobody' option to /etc/proftpd.conf but fails to remove the existing 'run as uid/gid root' option. In this configuration the 'run as uid/gid nobody' option is ignored, and the daemon runs as root.
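A configuration audit for the condition described above, added here as an example and not part of the OSVDB record or the Debian package: it assumes the standard ProFTPD `User`/`Group` directive syntax and flags a server-level identity that is root or that is set more than once, which is exactly the state the faulty postinst leaves behind. The sample configurations are constructed.

```python
import re

# Constructed sample of the misconfiguration the advisory describes: the
# postinst appended "User nobody"/"Group nobody" but left "User root"/"Group root" in place.
BROKEN_CONF = """\
ServerName "Debian"
User root
Group root
<Anonymous ~ftp>
  User ftp
  Group nogroup
</Anonymous>
User nobody
Group nobody
"""
# Same config with the stale root directives removed (also constructed).
FIXED_CONF = BROKEN_CONF.replace("User root\n", "").replace("Group root\n", "")

_DIRECTIVE = re.compile(r"(User|Group)\s+(\S+)$", re.IGNORECASE)

def server_identity_directives(conf_text):
    """Yield (directive, value) for User/Group lines at server level, skipping <...> blocks."""
    depth = 0
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("</"):
            depth -= 1
        elif line.startswith("<"):
            depth += 1
        elif depth == 0:
            m = _DIRECTIVE.match(line)
            if m:
                yield m.group(1).capitalize(), m.group(2)

def audit(conf_text):
    """Return findings; an empty list means one non-root identity at server level."""
    seen = {"User": [], "Group": []}
    for directive, value in server_identity_directives(conf_text):
        seen[directive].append(value)
    findings = []
    for directive, values in seen.items():
        if "root" in values:
            findings.append(f"{directive} root present in server context")
        if len(values) > 1:
            findings.append(f"{directive} set more than once: {values}")
    return findings
```

Running `audit()` over the broken sample reports four findings (root present and duplicate settings for both `User` and `Group`); the fixed sample reports none.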

Solution Description

Upgrade to version proftpd 1.2.0pre10-2.0potato1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Debian ProFTPD package installation scripts contain a flaw that leaves the service running as 'uid/root'. The issue is triggered when installation of the package occurs. It is possible that the flaw may allow unintended file system privileges, resulting in a loss of confidentiality.

References:

Vendor Specific Advisory URL
ISS X-Force ID: 6208
CVE-2001-0456