The specific version of ProFTPD that the system is running is reportedly affected by the following vulnerabilities:

- ProFTPD contains a flaw that may result in Diffie Hellman key exchanges using 1024 bits instead of the intended 4096 bits. This may result in them being significantly less cryptographically secure. (CVE-2016-3125)

- ProFTPD contains an out-of-bounds read flaw in the pr_fs_dircat() function in fsio.c that may allow a remote attacker to cause a crash or potentially disclose memory contents.

The remote host is using ProFTPD, a free FTP server for Unix and Linux. 

Versions of ProFTPD earlier than 1.3.3g / 1.3.4 are potentially affected by a code execution vulnerability due to how the server manages the response pool that is used to send responses from the server to the client.  A remote, authenticated attacker, exploiting this flaw, could execute arbitrary code on the remote host subject to the privileges of the user running the affected application.

The remote host is using ProFTPD, a free FTP server for Unix and Linux.  According to its banner, the version of ProFTPD installed on the remote host suffers from a flaw where a user can bypass access controls.  An attacker exploiting this flaw would need the ability to authenticate to the server. Successful exploitation would result in the attacker elevating privileges or accessing confidential data.

The remote host is using ProFTPD, a free FTP server for Unix and Linux.  The version of ProFTPD running on the remote host allows the percent character, '%', within the username.  This would allow attackers to inject special SQL characters such as a single quote.  An attacker exploiting this flaw would be able to execute arbitrary SQL commands against the database server.

The remote host is using ProFTPD, a free FTP server for Unix and Linux.  The version of ProFTPD running on the remote host splits an overly long FTP command into a series of shorter ones and executes each in turn.  If an attacker can trick a ProFTPD administrator into accessing a specially-formatted HTML link, he may be able to cause arbitrary FTP commands to be executed in the context of the affected application with the administrator's privileges.

The remote ProFTPd server is as old or older than 1.2.0rc2. There is a format string vulnerability in this version that might allow an attacker to execute arbitrary code on this host.

The remote host is running a version of ProFTPd which seems to be vulnerable to a buffer overflow when a user downloads a malformed ASCII file.
An attacker with upload privileges on this host may abuse this flaw to gain a root shell on this host.

The remote ProFTPd server is as old or older than 1.2.10.
It is possible to determine which user names are valid on the remote host based on timing analysis attack of the login procedure.
An attacker may use this flaw to set up a list of valid usernames for a more efficient brute-force attack against the remote host.

The remote ProFTPd server is vulnerable to a buffer overflow when issued a too long mkdir command. An attacker may use this flaw to execute arbitrary commands on the remote host.

Based on the system log, this system is running a ProFTP Server.

Based on the log from the Very Secure FTP daemon, this host is running an FTP service.

Based on the log from the Pure FTP daemon, this host is running an FTP service.

Based on the system log, this Cerberus host is running an FTP service.

Based on the log from the ftp daemon, this host is running an FTP service.

Based on the system log, this PowerTech host is actively running an FTP server.

This version of FileZilla is reported to be vulnerable to a Denial of Service (DoS) attack.  The nature of the attack seems to take place within the SSL/TLS code.  An attacker exploiting this flaw would be able to crash the service.

According to its version, the FileZilla Server Interface installed on the remote host is affected by several denial of service flaws that could be leveraged by an authenticated attacker to crash the server and deny service to legitimate users.

The remote host is running FileZilla, an FTP server.  There is a flaw in the remote version of this software that may allow an authenticated attacker to issue a malformed request such that a buffer overflow occurs.  Successful exploitation would result in the attacker executing arbitrary code.

The remote host is running the FileZilla FTP server.  There is a flaw in the remote version of this software that may allow an authenticated attacker to crash the remote host by requesting DOS devices such as CON, NUL, etc., or by misusing the zlib compression mode.  In addition, there is a local client flaw within the FileZilla server component. A local user on the FileZilla server who is enticed to initiate an FTP connection to a malicious server can be exploited.

The LCE observed a log message from a FileZilla FTP server which indicated the version.

The LCE observed a log which indicates that the FTP servers allows anonymous logins.

The LCE observed a log message from a FTP server which indicated the version.

ID	Name	Severity
802012	ProFTPD 1.3.5a, 1.3.6rc1 Multiple Vulnerabilities	critical
801028	ProFTPD < 1.3.3g / 1.3.4 Response Pool Use-After-Free Code Execution	high
801029	ProFTPD < 1.3.0rc4 Multiple Modules Authentication Bypass	medium
801027	ProFTPD Username Variable Substitution SQL Injection	high
801026	ProFTPD Command Truncation Cross-Site Request Forgery	medium
801024	ProFTPD cwd Command Format String	high
801023	ProFTPd ASCII Newline Character Overflow	high
801022	ProFTPD < 1.2.11 Remote User Enumeration	medium
801021	ProFTPd < 1.2.0pre6 mkdir Command Overflow	high
801020	ProFTP Version Discovered	info
800646	VSFTP FTP Server Detected	info
800645	Pure FTP Server Detected	info
800644	Cerberus FTP Service Detected	info
800643	FTPd Service Detected	info
800633	FTP server Detected	info
800516	FileZilla FTP Server < 0.9.31 SSL/TLS Packet Overflow DoS	medium
800515	FileZilla FTP Server < 0.9.22 Multiple Remote DoS	medium
800514	FileZilla FTP Server < 0.9.17 MLSD Command Overflow	medium
800513	FileZilla FTP Server < 0.9.6 Multiple DoS	high
800512	FileZilla FTP Server	info
800511	Anonymous FTP Enabled	medium
800122	WU-FTPD Server	info

Detections

Analytics

FTP Servers Family for Log Correlation Engine

critical

high

medium

high

medium

high

high

medium

high

info

info

info

info

info

info

medium

medium

medium

high

info

medium

info