ProFTP welcome message buffer overflow

Added: 10/01/2009
BID: 36128
OSVDB: 57394

Background

Labtam ProFTP is an FTP client program for Microsoft Windows.

Problem

A buffer overflow vulnerability allows command execution when a user connects to an FTP server which sends a specially crafted welcome message.

Resolution

Apply a fix from the vendor when available. Do not connect to untrusted FTP servers.

References

http://secunia.com/advisories/36446/

Limitations

The exploit works on ProFTP 2.9 and requires a user to connect to the exploit FTP server using ProFTP.

This exploit requires the ability to bind to port 21/tcp on the SAINTexploit host. That is, no other FTP server can be running on the SAINTexploit host.

Platforms

Windows
