Signature Detail

FTP: ProFTPD MKD Off-By-One

This signature detects attempts to exploit a known vulnerability against ProFTPD. Versions 1.3.0rc3 are vulnerable. Attackers can upload crafted .message files to a vulnerable server and trigger the off-by-one by causing the ftp server to display the file. A successful attack can result in exploitation of arbitrary code.

Extended Description

ProFTPD is prone to a remote buffer-overflow vulnerability. This issue is due to an off-by-one error, allowing attackers to corrupt memory. Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the server application, facilitating the compromise of affected computers. ProFTPD versions prior to 1.3.0a are vulnerable to this issue. Update: This BID was recently updated to state that 'CommandBufferSize' was affected by a denial-of-service issue, but according to the vendor, that directive is not vulnerable.

Affected Products

• Debian linux 3.1.0
• Debian linux 3.1.0 Alpha
• Debian linux 3.1.0 Amd64
• Debian linux 3.1.0 Arm
• Debian linux 3.1.0 Hppa
• Debian linux 3.1.0 Ia-32
• Debian linux 3.1.0 Ia-64
• Debian linux 3.1.0 M68k
• Debian linux 3.1.0 Mips
• Debian linux 3.1.0 Mipsel
• Debian linux 3.1.0 Ppc
• Debian linux 3.1.0 S/390
• Debian linux 3.1.0 Sparc
• Gentoo linux
• Libpng libpng3 1.3.0
• Mandriva corporate_server 3.0.0
• Mandriva corporate_server 3.0.0 X86 64
• Mandriva corporate_server 4.0
• Mandriva corporate_server 4.0.0 X86 64
• Mandriva linux_mandrake 2006.0.0
• Mandriva linux_mandrake 2006.0.0 X86 64
• Mandriva linux_mandrake 2007.0
• Mandriva linux_mandrake 2007.0 X86 64
• Openpkg openpkg 2.0.0
• Openpkg openpkg 2-Stable-20061018
• Openpkg openpkg Current
• Openpkg openpkg E1.0-Solid
• Proftpd_project proftpd 1.2.0
• Proftpd_project proftpd 1.2.0 .0Rc1
• Proftpd_project proftpd 1.2.0 .0Rc2
• Proftpd_project proftpd 1.2.0 .0Rc3
• Proftpd_project proftpd 1.2.0 Pre1
• Proftpd_project proftpd 1.2.0 Pre10
• Proftpd_project proftpd 1.2.0 Pre11
• Proftpd_project proftpd 1.2.0 Pre2
• Proftpd_project proftpd 1.2.0 Pre3
• Proftpd_project proftpd 1.2.0 Pre4
• Proftpd_project proftpd 1.2.0 Pre5
• Proftpd_project proftpd 1.2.0 Pre6
• Proftpd_project proftpd 1.2.0 Pre7
• Proftpd_project proftpd 1.2.0 Pre8
• Proftpd_project proftpd 1.2.0 Pre9
• Proftpd_project proftpd 1.2.1
• Proftpd_project proftpd 1.2.10
• Proftpd_project proftpd 1.2.2
• Proftpd_project proftpd 1.2.2 Rc1
• Proftpd_project proftpd 1.2.2 Rc3
• Proftpd_project proftpd 1.2.3
• Proftpd_project proftpd 1.2.4
• Proftpd_project proftpd 1.2.5
• Proftpd_project proftpd 1.2.5 Rc1
• Proftpd_project proftpd 1.2.6
• Proftpd_project proftpd 1.2.7
• Proftpd_project proftpd 1.2.7 Rc1
• Proftpd_project proftpd 1.2.7 Rc2
• Proftpd_project proftpd 1.2.7 Rc3
• Proftpd_project proftpd 1.2.8
• Proftpd_project proftpd 1.2.8 Rc1
• Proftpd_project proftpd 1.2.8 Rc2
• Proftpd_project proftpd 1.2.9
• Proftpd_project proftpd 1.2.9 Rc1
• Proftpd_project proftpd 1.2.9 Rc2
• Proftpd_project proftpd 1.2.9 Rc3
• Proftpd_project proftpd 1.3.0
• Proftpd_project proftpd 1.3.0 .0Rc1
• Proftpd_project proftpd 1.3.0 .0Rc2
• Proftpd_project proftpd 1.3.0 Rc3
• Slackware linux 10.0.0
• Slackware linux 10.1.0
• Slackware linux 10.2.0
• Slackware linux 11.0
• Slackware linux 8.1.0
• Slackware linux 9.0.0
• Slackware linux 9.1.0
• Trustix operating_system_enterprise_server 2.0
• Trustix secure_linux 2.2.0
• Trustix secure_linux 3.0.0
• Turbolinux appliance_server 1.0.0 Hosting Edition
• Turbolinux appliance_server 1.0.0 Workgroup Edition
• Turbolinux appliance_server 2.0
• Turbolinux appliance_server_hosting_edition 1.0.0
• Turbolinux appliance_server_workgroup_edition 1.0.0
• Turbolinux turbolinux_server 10.0.0
• Turbolinux turbolinux_server 10.0.0 X86
• Turbolinux turbolinux_server 8.0.0

References

• BugTraq: 20992
• CVE: CVE-2006-5815
• URL: http://bugs.proftpd.org/show_bug.cgi?id=2858