Tenable Network Security

	Nessus
	Download
	Plugins
	Newest Plugins
	Obtain an activation code
	View all plugins
	Search
	Documentation
	Register
	Buy Now
	ProfessionalFeed Support
	Bugs
	All the Tenable Products

ProFTPD < 1.3.0rc2 Multiple Remote Format Strings

This script is Copyright (C) 2005-2010 Tenable Network Security, Inc.


Family	FTP
Nessus Plugin ID	19302 (proftpd_1_3_0_rc2.nasl)
Bugtraq ID	14380 14381
CVE ID	CVE-2005-2390

Description:
Synopsis : The remote FTP server is affected by multiple vulnerabilities. Description : The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host suffers from multiple format string vulnerabilities, one involving the 'ftpshut' utility and the other in mod_sql's 'SQLShowInfo' directive. Exploitation of either requires involvement on the part of a site administrator and can lead to information disclosure, denial of service, and even a compromise of the affected system. See also : http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2 Solution : Upgrade to ProFTPD version 1.3.0rc2 or later. Risk factor : Medium / CVSS Base Score : 4.6 (CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P)

This is the web site for the Nessus Vulnerability Scanner from Tenable Network Security. If you are looking for the probabilistic analysis software from Southwest Research Institute, please visit www.nessus.swri.org

ProFTPD < 1.3.0rc2 Multiple Remote Format Strings