ProFTPD Telnet IAC buffer overflow

Added: 01/21/2011
CVE: CVE-2010-4221
BID: 44562
OSVDB: 68985

Background

ProFTPD is free FTP Server software for Unix and Linux platforms.

Problem

A buffer overflow vulnerability in ProFTPD allows remote attackers to execute arbitrary commands by sending a TELNET_IAC escape sequence to the FTP service.

Resolution

Upgrade to ProFTPD 1.3.3c or higher.

References

http://www.zerodayinitiative.com/advisories/ZDI-10-229/

Limitations

Exploit works on ProFTPD 1.3.2c-1 on Ubuntu 10.04 LTS.

Note that because a security cookie exists on the stack and the security cookie stays the same for spawned child processes, this exploit brute-forces the security cookie and may take an excessively long time to find the right one. Therefore, this exploit is unlikely to succeed before it times out. To improve the odds of success, modify the timeout setting in the exploit plug-in, and allow it to run individually for several days.

Platforms

Linux / Ubuntu

Back to exploit index