Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.

The remote host is using ProFTPD, a free FTP server for Unix and Linux.

According to its banner, the version of ProFTPD installed on the remote host is earlier than 1.3.1rc1 and is affected by a local, stack-based buffer overflow. The function 'pr_ctrls_recv_request' in the file 'src/ctrls.c' belonging to the 'mod_ctrls' module does not properly handle large values in the 'reqarglen' parameter.

This error can allow a local attacker to execute arbitrary code.

Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.

Packages have been patched to correct these issues.

The remote host is affected by the vulnerability described in GLSA-200702-02 (ProFTPD: Local privilege escalation)

    A flaw exists in the mod_ctrls module of ProFTPD, normally used to     allow FTP server administrators to configure the daemon at runtime.
  Impact :

    An FTP server administrator permitted to interact with mod_ctrls could     potentially compromise the ProFTPD process and execute arbitrary code     with the privileges of the FTP Daemon, which is normally the root user.
  Workaround :

    Disable mod_ctrls, or ensure only trusted users can access this     feature.

The remote host is using ProFTPD, a free FTP server for Unix and Linux.  According to its banner, the version of ProFTPD installed on the remote host suffers from multiple format string vulnerabilities, one involving the 'ftpshut' utility and the other in mod_sql's 'SQLShowInfo' directive.  Exploitation of either requires involvement on the part of a site administrator and can lead to information disclosure, denial of service, and even a compromise of the affected system.

ID	Name	Product	Family	Severity
17718	ProFTPD < 1.3.1rc1 mod_ctrls Module pr_ctrls_recv_request Function Local Overflow	Nessus	FTP	medium
24615	Mandrake Linux Security Advisory : proftpd (MDKSA-2006:232)	Nessus	Mandriva Local Security Checks	medium
24351	GLSA-200702-02 : ProFTPD: Local privilege escalation	Nessus	Gentoo Local Security Checks	medium
3113	ProFTPD < 1.3.0rc2 Multiple Format Strings	Nessus Network Monitor	FTP Servers	high

Detections

Analytics

CVE-2006-6563

high

Tenable Plugins

medium

medium

medium

high