Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).

The ProFTPD FTP server has problems with memory leaking that could be used in a DoS attack, as reported by Wojciech Purczynski. A memory leak will happen every time a SIZE command was given provided that the scoreboard file is not writable, which is not the case in a default Linux-Mandrake installation. A similar problem also existed with the USER command where every time it was given the server would use more memory. Additionally, some format string vulnerabilities were reported by Przemyslaw Frasunek which have also been fixed.

The following problems have been reported for the version of proftpd in Debian 2.2 (potato) :

  - There is a memory leak in the SIZE command which can     result in a denial of service, as reported by Wojciech     Purczynski. This is only a problem if proftpd cannot     write to its scoreboard file; the default configuration     of proftpd in Debian is not vulnerable.
  - A similar memory leak affects the USER command, also as     reported by Wojciech Purczynski. The proftpd in Debian     2.2 is susceptible to this vulnerability; an attacker     can cause the proftpd daemon to crash by exhausting its     available memory.

  - There were some format string vulnerabilities reported     by Przemyslaw Frasunek. These are not known to have     exploits, but have been corrected as a precaution.

The remote ProFTPd server is as old or older than 1.2.0rc2. There is a format string vulnerability in this version that might allow an attacker to execute arbitrary code on this host.

The remote ProFTPd server is as old or older than 1.2.0rc2

There is a very hard to exploit format string vulnerability in this version that could allow an attacker to execute arbitrary code on this host.

The vulnerability is believed to be nearly impossible to exploit though.

ID	Name	Product	Family	Severity
61895	Mandrake Linux Security Advisory : proftpd (MDKSA-2001:021)	Nessus	Mandriva Local Security Checks	high
14866	Debian DSA-029-2 : proftpd - remote DOS & potential buffer overflow	Nessus	Debian Local Security Checks	high
1818	ProFTPD cwd Command Format String	Nessus Network Monitor	FTP Servers	critical
11407	ProFTPD 1.2.0rc2 Malformed cwd Command Format String	Nessus	FTP	critical
801024	ProFTPD cwd Command Format String	Log Correlation Engine	FTP Servers	high

Detections

Analytics

CVE-2001-0318

critical

Tenable Plugins

high

high

critical

critical

high