125 matches found
ProFTPd 1.2.x - 'STAT' Denial of Service
source: https://www.securityfocus.com/bid/6341/info A denial of service vulnerability has been reported for ProFTPD. It is possible to cause ProFTPD from responding to legitimate requests for service by issuing specially crafted STAT commands. This will result in a denial of service condition...
CVE-2001-1500
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged...
CVE-1999-1475
ProFTPd 1.2 compiled with the modsqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command...
CVE-2001-0318
Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory cwd...
ProFTPD STAT Command Remote DoS
The remote FTP server is affected by a denial of service vulnerability that is triggered when it receives a specially crafted STAT command. A remote attacker can exploit this to cause the consumption of all available memory. C Tenable Network Security, Inc. Script audit and contributions from...
[SECURITY] [DSA-032-2] proftp runs as root, /var symlink removal
Package: proftpd Vulnerability: proftpd running as root, /var symlink removal Debian-specific: yes This is an update to the DSA-032-1 advisory. The powerpc package that was listed in that advisory was unfortunately compiled on the wrong system which caused it to not work on a Debian GNU/Linux 2.2...
[SECURITY] [DSA-032-1] proftp runs as root, /var symlink removal
Package: proftpd Vulnerability: proftpd running as root, /var symlink removal Debian-specific: yes The following problems have been reported for the version of proftpd in Debian 2.2 potato: 1. There is a configuration error in the postinst script, when the user enters yes, when asked if anonymous...
CVE-2001-0027
modsqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users...
ProFTPd 1.2.0 pre10 - Remote Denial of Service
ProFTPd 1.2.0 pre10 - Remote Denial of Service / ProFTPd DoS version 1.1 Remote DoS in proFTPd Code by: JeT-Li -The Wushu Master- [email protected] Recently I posted a remote DoS for ProFTPd based in the multiple use of the SIZE command in order to crash the system. Now and thanks to the...
ProFTPd 1.2.0 pre10 - Remote Denial of Service
/ ProFTPd DoS version 1.1 Remote DoS in proFTPd Code by: JeT-Li -The Wushu Master- [email protected] Recently I posted a remote DoS for ProFTPd based in the multiple use of the SIZE command in order to crash the system. Now and thanks to the information provided by Wojciech Purczynski I have cod...
ProFTPd 1.2.0 rc2 - Memory Leakage
ProFTPd 1.2.0 rc2 - Memory Leakage / | Proftpd DoS | by Piotr Zurawski [email protected] | This source is just an example of memory leakage in proftpd-1.2.0rc2 | server discovered by Wojciech Purczynski. | / include include include include include include include include include include include...
ProFTPd 1.2 - 'SIZE' Remote Denial of Service
source: https://www.securityfocus.com/bid/2185/info A memory leak has been reported in all versions of ProFTPd. The SIZE FTP command causes the server to misallocate and leak small amounts of memory each time the command is executed. If a sufficient number of these commands are executed by the...
Memory leakage in proftpd leads to remote DoS
Hello, Proftpd has memory leakage bug if it executes SIZE FTP command. Using 5000 SIZE commands causes proftpd to consume over 300kB of memory. Exploiting this bug with more SIZE commands gives us simple DoS attack. Anonymous access is sufficient to use SIZE commands and to exploit this bug. I've...
ProFTPd 1.2 - SIZE Remote Denial of Service
ProFTPd 1.2 - SIZE Remote Denial of Service source: https://www.securityfocus.com/bid/2185/info A memory leak has been reported in all versions of ProFTPd. The SIZE FTP command causes the server to misallocate and leak small amounts of memory each time the command is executed. If a sufficient...
Дырка в ProFTPD (mod_sqlpw Password Caching)
Авторизованный пользоватлеь может переключиться в другого не зхная пароля...
FreeBSD-SA-00:35.proftpd
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:35 Security Advisory FreeBSD, Inc. Topic: proftpd port contains remote root compromise Category: ports Module: proftpd Announced: 2000-08-14 Credits: lamagra Affects:...
proftp advisory
http://lamagra.seKure.de: advisory 1 Advisory: misc. bugs Programname: proftpd Versions: 1.2.0 = pre10 Vendor: proftpd.net Severity: high root shell and low Contact: [email protected] Bug1: void setproctitlechar fmt,... in src/main.c snippet memsetstatbuf, 0, sizeofstatbuf; vsnprintfstatbuf,...
CVE-1999-1475
ProFTPd 1.2 compiled with the modsqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command...
ProFTPD NLST Command Argument Handling Remote Overflow
It was possible to crash the remote FTP server by issuing a specially crafted command, such as 'NLST aaaXXXX%u%...%u%u%u%%u%653300u%n' where 'XXXX' is replaced with four characters - ASCII values 0xDC, 0x4F, 0x07 and 0x08. This issue is known to affect ProFTPD version 1.2.0pre6, although other FT...
ProFTPd 1.2 pre6 - snprintf Remote Root
ProFTPd 1.2 pre6 - snprintf Remote Root source: https://www.securityfocus.com/bid/650/info Lack of user input validation in ProFTPD can lead to a remote root vulnerability. On systems that support it ProFTPD will attempt to modify the name of the program being executed argv0 to display the comman...