0001946: CVE-2006-5815: remote code execution in ProFTPD

Mantis - proftpd
Viewing Issue Advanced Details

ID:	Category:	Severity:	Reproducibility:	Date Submitted:	Last Update:
1946	upgrade	major	always	2006-11-28 05:47	2010-10-24 11:35

Reporter:	blindpassenger	Platform:
Assigned To:	ai	OS:
Priority:	normal	OS Version:
Status:	closed	Product Version:
Product Build:		Resolution:	fixed
Projection:	none
ETA:	none	Fixed in Version:

Summary:	0001946: CVE-2006-5815: remote code execution in ProFTPD
Description:	Copied from www.proftpd.org: On 6 November 2006, Evgeny Legerov <admin@gleg.net> posted to BUGTRAQ[1], announcing his commercial VulnDisco Pack for Metasploit 2.7[2]. One of the included exploits, vd_proftpd.pm, takes advantage of an off-by-one string manipulation flaw in ProFTPD\'s sreplace() function to allow a remote attacker to execute arbitrary code. This vulnerabillity, identified as CVE-2006-5815[3], is believed to affect all versions of ProFTPD up to and including 1.3.0, but exploitability has only been demonstrated with version 1.3.0rc3. The demonstrated exploit relies on write access via FTP for exploitability, but other attack vectors may make exploitation of a read-only FTP server possible. This vulnerability has been patched[4] in the latest release of ProFTPD, 1.3.0a, which is available from the ProFTPD web site, http://www.proftpd.org/. [^] Mitigation techniques have also been developed for use until a patched version can be installed.
Steps To Reproduce:
Additional Information:
Relationships
Attached Files:

Issue History
Date Modified	Username	Field	Change
2010-10-24 11:34	ai	Status	new => assigned
2010-10-24 11:35	ai	Note Added: 0008394
2010-10-24 11:35	ai	Status	assigned => resolved
2010-10-24 11:35	ai	Resolution	open => fixed
2010-10-24 11:35	ai	Assigned To	=> ai
2010-10-24 11:35	ai	Status	resolved => closed

Notes