Signature Detail

FTP: Command Overflow

This signature detects overly long commands sent to an FTP server (greater than 1024 bytes). Such activity could be an indication of an exploit attempt.

Extended Description

ProFTPD is prone to a remote stack-based buffer-overflow vulnerability and a directory-traversal vulnerability because the application fails to perform adequate boundary checks on user-supplied data. A remote attacker can exploit the buffer-overflow vulnerability to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition. A remote attacker can exploit the directory-traversal vulnerability to download and upload arbitrary files outside of the FTP server root directory. This may aid in further attacks. ProFTPD version 1.3.3 is vulnerable.

Affected Products

• Debian linux 5.0
• Debian linux 5.0 Alpha
• Debian linux 5.0 Amd64
• Debian linux 5.0 Arm
• Debian linux 5.0 Armel
• Debian linux 5.0 Hppa
• Debian linux 5.0 Ia-32
• Debian linux 5.0 Ia-64
• Debian linux 5.0 M68k
• Debian linux 5.0 Mips
• Debian linux 5.0 Mipsel
• Debian linux 5.0 Powerpc
• Debian linux 5.0 S/390
• Debian linux 5.0 Sparc
• Mandriva corporate_server 4.0
• Mandriva corporate_server 4.0.0 X86 64
• Mandriva enterprise_server 5
• Mandriva enterprise_server 5 X86 64
• Mandriva linux_mandrake 2009.0
• Mandriva linux_mandrake 2009.0 X86 64
• Mandriva linux_mandrake 2009.1
• Mandriva linux_mandrake 2009.1 X86 64
• Mandriva linux_mandrake 2010.0
• Mandriva linux_mandrake 2010.0 X86 64
• Mandriva linux_mandrake 2010.1
• Mandriva linux_mandrake 2010.1 X86 64
• Proftpd_project proftpd 1.3.3
• Red_hat fedora 12
• Red_hat fedora 13
• Red_hat fedora 14
• Slackware linux 11.0
• Slackware linux 12.0
• Slackware linux 12.1
• Slackware linux 12.2
• Slackware linux 13.0
• Slackware linux 13.0 X86 64
• Slackware linux 13.1
• Slackware linux 13.1 X86 64
• Slackware linux -Current
• Slackware linux X86 64 -Current

References

• BugTraq: 44562
• CVE: CVE-2010-4221
• CVE: CVE-2015-7767