|
ProFTPD "mod_ctrls" Privilege Escalation Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA23371
|
|
|
Release Date:
|
2006-12-14
|
|
Last Update:
|
2007-02-14
|
|
|
Critical:
|

Not critical
|
|
Impact:
|
Privilege escalation
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | ProFTPD 1.2.x ProFTPD 1.3.x
|
| | CVE reference: | CVE-2006-6563 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS! |
|
|
Description: Alfredo Ortega has reported a vulnerability in the mod_ctrls module for ProFTPD, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to a boundary error within the "pr_ctrls_recv_request()" function in src/ctrls.c and can be exploited to cause a buffer overflow by sending specially crafted control messages to the module.
Successful exploitation may allow to execute arbitrary code with escalated privileges, but requires that the mod_ctrl module is used and that ACLs allow the attacker to access the module.
The vulnerability is reported in versions prior to 1.3.1rc1.
Solution: Update to version 1.3.1rc1.
Provided and/or discovered by: Alfredo Ortega, Core Security Technologies.
Changelog: 2006-12-18: Added CVE reference.
2007-02-14: Updated "From where" field.
Original Advisory: http://www.coresecurity.com/?module=ContentMod&action=item&id=1594
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
10 Related Secunia Security Advisories
|
|
|
1. ProFTPD Auth API Multiple Authentication Modules Security Issue
|
|
2. ProFTPD mod_tls Buffer Overflow Vulnerability
|
|
3. ProFTPD "CommandBufferSize" Denial of Service Vulnerability
|
|
4. ProFTPD "sreplace()" Buffer Overflow Vulnerability
|
|
5. ProFTPD Two Format String Vulnerabilities
|
|
6. ProFTPD User Enumeration Weakness
|
|
7. ProFTPD CIDR Addressing ACL and "site chgrp" Security Issues
|
|
8. ProFTPD ASCII File Translation Off-By-One Vulnerability
|
|
9. ProFTPD ASCII Mode File Transfer Buffer Overflow Vulnerability
|
|
10. ProFTPD mod_sql SQL Injection
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|