ProFTPD Telnet IAC buffer overflow
Added: 01/21/2011CVE: CVE-2010-4221
BID: 44562
OSVDB: 68985
Background
ProFTPD is free FTP Server software for Unix and Linux platforms.Problem
A buffer overflow vulnerability in ProFTPD allows remote attackers to execute arbitrary commands by sending a TELNET_IAC escape sequence to the FTP service.Resolution
Upgrade to ProFTPD 1.3.3c or higher.References
http://www.zerodayinitiative.com/advisories/ZDI-10-229/Limitations
Exploit works on ProFTPD 1.3.2c-1 on Ubuntu 10.04 LTS.Note that because a security cookie exists on the stack and the security cookie stays the same for spawned child processes, this exploit brute-forces the security cookie and may take an excessively long time to find the right one. Therefore, this exploit is unlikely to succeed before it times out. To improve the odds of success, modify the timeout setting in the exploit plug-in, and allow it to run individually for several days.
Platforms
Linux / UbuntuBack to exploit index