Signature Detail

FTP: ProFTPD MKD Off-By-One

This signature detects attempts to exploit a known vulnerability against ProFTPD. Versions 1.3.0rc3 are vulnerable. Attackers can upload crafted .message files to a vulnerable server and trigger the off-by-one by causing the ftp server to display the file. A successful attack can result in exploitation of arbitrary code.

Extended Description

ProFTPD is prone to a remote buffer-overflow vulnerability. This issue is due to an off-by-one error, allowing attackers to corrupt memory. Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the server application, facilitating the compromise of affected computers. ProFTPD versions prior to 1.3.0a are vulnerable to this issue. Update: This BID was recently updated to state that 'CommandBufferSize' was affected by a denial-of-service issue, but according to the vendor, that directive is not vulnerable.

Affected Products

• Debian Linux 3.1.0
• Debian Linux 3.1.0 Alpha
• Debian Linux 3.1.0 Amd64
• Debian Linux 3.1.0 Arm
• Debian Linux 3.1.0 Hppa
• Debian Linux 3.1.0 Ia-32
• Debian Linux 3.1.0 Ia-64
• Debian Linux 3.1.0 M68k
• Debian Linux 3.1.0 Mips
• Debian Linux 3.1.0 Mipsel
• Debian Linux 3.1.0 Ppc
• Debian Linux 3.1.0 S/390
• Debian Linux 3.1.0 Sparc
• Gentoo Linux
• libpng libpng3 1.3.0
• Mandriva Corporate Server 3.0.0
• Mandriva Corporate Server 3.0.0 X86 64
• Mandriva Corporate Server 4.0
• Mandriva Corporate Server 4.0.0 X86 64
• Mandriva Linux Mandrake 2006.0.0
• Mandriva Linux Mandrake 2006.0.0 X86 64
• Mandriva Linux Mandrake 2007.0
• Mandriva Linux Mandrake 2007.0 X86 64
• OpenPKG 2.0.0
• OpenPKG 2-Stable-20061018
• OpenPKG Current
• OpenPKG E1.0-Solid
• ProFTPD Project ProFTPD 1.2.0
• ProFTPD Project ProFTPD 1.2.0 .0Rc1
• ProFTPD Project ProFTPD 1.2.0 .0Rc2
• ProFTPD Project ProFTPD 1.2.0 .0Rc3
• ProFTPD Project ProFTPD 1.2.0 Pre1
• ProFTPD Project ProFTPD 1.2.0 Pre10
• ProFTPD Project ProFTPD 1.2.0 Pre11
• ProFTPD Project ProFTPD 1.2.0 Pre2
• ProFTPD Project ProFTPD 1.2.0 Pre3
• ProFTPD Project ProFTPD 1.2.0 Pre4
• ProFTPD Project ProFTPD 1.2.0 Pre5
• ProFTPD Project ProFTPD 1.2.0 Pre6
• ProFTPD Project ProFTPD 1.2.0 Pre7
• ProFTPD Project ProFTPD 1.2.0 Pre8
• ProFTPD Project ProFTPD 1.2.0 Pre9
• ProFTPD Project ProFTPD 1.2.1
• ProFTPD Project ProFTPD 1.2.10
• ProFTPD Project ProFTPD 1.2.2
• ProFTPD Project ProFTPD 1.2.2 Rc1
• ProFTPD Project ProFTPD 1.2.2 Rc3
• ProFTPD Project ProFTPD 1.2.3
• ProFTPD Project ProFTPD 1.2.4
• ProFTPD Project ProFTPD 1.2.5
• ProFTPD Project ProFTPD 1.2.5 Rc1
• ProFTPD Project ProFTPD 1.2.6
• ProFTPD Project ProFTPD 1.2.7
• ProFTPD Project ProFTPD 1.2.7 Rc1
• ProFTPD Project ProFTPD 1.2.7 Rc2
• ProFTPD Project ProFTPD 1.2.7 Rc3
• ProFTPD Project ProFTPD 1.2.8
• ProFTPD Project ProFTPD 1.2.8 Rc1
• ProFTPD Project ProFTPD 1.2.8 Rc2
• ProFTPD Project ProFTPD 1.2.9
• ProFTPD Project ProFTPD 1.2.9 Rc1
• ProFTPD Project ProFTPD 1.2.9 Rc2
• ProFTPD Project ProFTPD 1.2.9 Rc3
• ProFTPD Project ProFTPD 1.3.0
• ProFTPD Project ProFTPD 1.3.0 .0Rc1
• ProFTPD Project ProFTPD 1.3.0 .0Rc2
• ProFTPD Project ProFTPD 1.3.0 Rc3
• Slackware Linux 10.0.0
• Slackware Linux 10.1.0
• Slackware Linux 10.2.0
• Slackware Linux 11.0
• Slackware Linux 8.1.0
• Slackware Linux 9.0.0
• Slackware Linux 9.1.0
• Trustix Operating System Enterprise Server 2.0
• Trustix Secure Linux 2.2.0
• Trustix Secure Linux 3.0.0
• Turbolinux Appliance Server 1.0.0 Hosting Edition
• Turbolinux Appliance Server 1.0.0 Workgroup Edition
• Turbolinux Appliance Server 2.0
• Turbolinux Appliance Server Hosting Edition 1.0.0
• Turbolinux Appliance Server Workgroup Edition 1.0.0
• Turbolinux Turbolinux Server 10.0.0
• Turbolinux Turbolinux Server 10.0.0 X86
• Turbolinux Turbolinux Server 8.0.0

References

• BugTraq: 20992
• CVE: CVE-2006-5815
• URL: http://bugs.proftpd.org/show_bug.cgi?id=2858