ProFTPD File Transfer Newline Character Overflow

This script is Copyright (C) 2003-2010 Tenable Network Security, Inc.

| Family | FTP |
| Nessus Plugin ID | 11849 (proftpd_ascii_overflow.nasl) |
| Bugtraq ID | 8679 |
| CVE ID | CVE-2003-0831 |

Description:
Synopsis :
Arbitrary code may be run on the remote server.
Description :
The remote host is running a version of ProFTPD that appears to be
vulnerable to a buffer overflow when a user downloads a malformed ASCII
file.
An attacker with upload privileges on this host may abuse this flaw to
gain a root shell on this host.
*** The author of ProFTPD did not increase the version number
*** of his product when fixing this issue, so this might be a false
*** positive.
Solution :
Upgrade to ProFTPD 1.2.9 when available or to 1.2.8p
Risk factor :
High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)