FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

proftpd -- Remote Code Execution Vulnerability

Affected packages
proftpd <= 1.3.0_2
proftpd-mysql <= 1.3.0_2


VuXML ID cca97f5f-7435-11db-91de-0008743bf21a
Discovery 2006-11-10
Entry 2006-11-14
Modified 2006-11-15

FrSIRT reports:

A vulnerability has been identified in ProFTPD, which could be exploited by attackers to cause a denial of service or execute arbitrary commands. This flaw is due to a buffer overflow error in the "main.c" file where the "cmd_buf_size" size of the buffer used to handle FTP commands sent by clients is not properly set to the size configured via the "CommandBufferSize" directive, which could be exploited by attackers to compromise a vulnerable server via a specially crafted FTP command.