Home / exploits vd_proftpd.pm.txt
Posted on 01 December 2006
Hi all, Name: ProFTPD remote buffer overflow vulnerability Vendor: http://www.proftpd.org Release date: 27 Nov, 2006 URL: http://www.gleg.net/proftpd.txt CVE: CVE-2006-5815 Author: Evgeny Legerov <research@gleg.net> I. DESCRIPTION A remotely exploitable stack overflow vulnerability has been found in ProFTPD server. The vulnerability allows a remote authenticated attacker to gain root privileges. II. DETAILS The vulnerability exists in sreplace() function from src/support.c Oversimplified analysis of the vulnerability is below: """ char *sreplace(pool *p, char *s, ...) { va_list args; char *m,*r,*src = s,*cp; char **mptr,**rptr; char *marr[33],*rarr[33]; char buf[PR_TUNABLE_PATH_MAX] = {'