ProFTPD mod_tls Buffer Overflow Vulnerability Date: Tuesday, November 28, 2006 @ 11:31:59 UTC Topic: Security SECUNIA ADVISORY ID: SA23141 VERIFY ADVISORY: http://secunia.com/advisories/23141/ CRITICAL: Moderately critical IMPACT: System access, DoS SOFTWARE: ProFTPD 1.3.x - http://secunia.com/product/5430/ ProFTPD 1.2.x - http://secunia.com/product/1250/ DESCRIPTION: Evgeny Legerov has reported a vulnerability in the mod_tls module for ProFTPD, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "tls_x509_name_oneline()" function in contrib/mod_tls.c. This can be exploited to cause a buffer overflow by sending specially crafted data to a server. Successful exploitation may allow execution of arbitrary code, but requires that ProFTPD uses the mod_tls module. The vulnerability is reported in version 1.3.0a. Other versions may also be affected. SOLUTION: Restrict access to trusted people only. PROVIDED AND/OR DISCOVERED BY: Evgeny Legerov ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050935.html This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2517