proftpd
Page content
- Author: voroskoi
- Vulnerable: 1.3.0-4siwenna1
- Unaffected: 1.3.0-5siwenna1
Alfredo Ortega has reported a vulnerability in the mod_ctrls module for ProFTPD, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a boundary error within the “pr_ctrls_recv_request()” function in src/ctrls.c and can be exploited to cause a buffer overflow by sending specially crafted control messages to the module. Successful exploitation may allow to execute arbitrary code with escalated privileges, but requires that the mod_ctrl module is used and that ACLs allow the attacker to access the module.
- Bug Tracker URL: http://bugs.frugalware.org/task/1538