| Field | Value |
|---|---|
| Short Name | FTP:PROFTP:MOD-SQL-HEAP-OF |
| Severity | High |
| Recommended | No |
| Recommended Action | Drop |
| Category | FTP |
| Keywords | ProFTP mod_sql Remote Heap Overflow |
| Release Date | 2010/12/30 |
| Update Number | 1842 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
FTP: ProFTP mod_sql Remote Heap Overflow
This signature detects attempts to exploit a known vulnerability in the ProFTP server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Extended Description
ProFTPD is prone to a remote heap-based buffer-overflow vulnerability.
Attackers can exploit this vulnerability to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.
Affected Products
- Debian Linux 5.0
- Debian Linux 5.0 Alpha
- Debian Linux 5.0 Amd64
- Debian Linux 5.0 Arm
- Debian Linux 5.0 Armel
- Debian Linux 5.0 Hppa
- Debian Linux 5.0 Ia-32
- Debian Linux 5.0 Ia-64
- Debian Linux 5.0 M68k
- Debian Linux 5.0 Mips
- Debian Linux 5.0 Mipsel
- Debian Linux 5.0 Powerpc
- Debian Linux 5.0 S/390
- Debian Linux 5.0 Sparc
- Mandriva Enterprise Server 5
- Mandriva Enterprise Server 5 X86 64
- Mandriva Linux Mandrake 2009.0
- Mandriva Linux Mandrake 2009.0 X86 64
- Mandriva Linux Mandrake 2010.0
- Mandriva Linux Mandrake 2010.0 X86 64
- Mandriva Linux Mandrake 2010.1
- Mandriva Linux Mandrake 2010.1 X86 64
- Proftpd 1.3.0
- Proftpd 1.3.0 A
- Proftpd 1.3.0 RC1
- Proftpd 1.3.0 RC2
- Proftpd 1.3.0 Rc3
- Proftpd 1.3.0 Rc4
- Proftpd 1.3.0 Rc5
- Proftpd 1.3.1
- Proftpd 1.3.1 RC1
- Proftpd 1.3.1 Rc2
- Proftpd 1.3.1 Rc3
- Proftpd 1.3.2
- Proftpd 1.3.2 A
- Proftpd 1.3.2 B
- Proftpd 1.3.2 C
- Proftpd 1.3.2 D
- Proftpd 1.3.2 E
- Proftpd 1.3.2 RC1
- Proftpd 1.3.2 Rc2
- Proftpd 1.3.2 Rc3
- Proftpd 1.3.2 Rc4
- Proftpd 1.3.3
- Proftpd 1.3.3 A
- Proftpd 1.3.3 B
- Proftpd 1.3.3 C
- Proftpd 1.3.3 Rc1
- Proftpd 1.3.3 Rc2
- Proftpd 1.3.3 Rc3
- Proftpd 1.3.3 Rc4
- ProFTPD Project ProFTPD 1.3.1
- ProFTPD Project ProFTPD 1.3.2
- ProFTPD Project ProFTPD 1.3.2A
- ProFTPD Project ProFTPD 1.3.2B
- ProFTPD Project ProFTPD 1.3.2C
- ProFTPD Project ProFTPD 1.3.2 Rc2
- ProFTPD Project ProFTPD 1.3.2 Rc3
- ProFTPD Project ProFTPD 1.3.3
- ProFTPD Project ProFTPD 1.3.3c
- ProFTPD Project ProFTPD 1.3.3 Rc2
- Red Hat Fedora 13
- Red Hat Fedora 14
- Slackware Linux 11.0
- Slackware Linux 12.0
- Slackware Linux 12.1
- Slackware Linux 12.2
- Slackware Linux 13.0
- Slackware Linux 13.0 X86 64
- Slackware Linux 13.1
- Slackware Linux 13.1 X86 64
References