Maksymilian Arciemowicz of securityreason.com reported that ProFTPD is vulnerable to cross-site request forgery (CSRF) attacks and executes arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

This update fixes a security issue where an attacker could conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands. It also fixes some SSL shutdown issues seen with certain clients.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

UnixおよびLinux用の無料のFTPサーバーであるProFTPDが、リモートホストで使用されています。

リモートホストで実行されているProFTPDのバージョンは、過度に長いFTPコマンドを一連の短いコマンドに分割し、それぞれを順番に実行します。攻撃者がProFTPD管理者を騙して特別にフォーマットされたHTMLリンクにアクセスさせると、影響を受けるアプリケーションのコンテキストで、管理者の権限を使用して任意のFTPコマンドが実行される可能性があります。

遠端主機正在使用 ProFTPD，其為適用於 Unix 和 Linux 的免費 FTP 伺服器。

遠端主機上執行的 ProFTPD 版本會將一個過長的 FTP 命令分割為一系列較短的命令，並依次執行每個命令。如果攻擊者可誘騙 ProFTPD 管理員存取特殊格式的 HTML 連結，則使用系統管理員的權限，可以在受影響應用程式的內容中執行任意 FTP 命令。

远程主机正在使用 ProFTPD，一款用于 Unix 和 Linux 的免费 FTP 服务器。

远程主机上运行的 ProFTPD 版本将过长的 FTP 命令拆分为一系列短命令，然后依次执行。如果攻击者诱骗 ProFTPD 管理员访问特殊格式的 HTML 链接，则攻击者可以管理员特权在受影响应用程序环境中执行任意 FTP 命令。

Secunia reports :

The vulnerability is caused due to the application truncating an overly long FTP command, and improperly interpreting the remainder string as a new FTP command. This can be exploited to execute arbitrary FTP commands with the privileges of another user by e.g.
tricking the user into following malicious link.

The remote host is using ProFTPD, a free FTP server for Unix and Linux.

The version of ProFTPD running on the remote host splits an overly long FTP command into a series of shorter ones and executes each in turn.  If an attacker can trick a ProFTPD administrator into accessing a specially-formatted HTML link, arbitrary FTP commands could be executed in the context of the affected application with the administrator's privileges.

multiple vulnerabilities has been identified and fixed in proftpd :

ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. (CVE-2008-4242)

SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a '%' (percent) character in the username, which introduces a ''' (single quote) character during variable substitution by mod_sql.
(CVE-2009-0542)

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres. (CVE-2009-0543)

The updated packages have been upgraded to the latest proftpd version (1.3.2) to prevent this.

The remote host is using ProFTPD, a free FTP server for Unix and Linux.  The version of ProFTPD running on the remote host splits an overly long FTP command into a series of shorter ones and executes each in turn.  If an attacker can trick a ProFTPD administrator into accessing a specially-formatted HTML link, he may be able to cause arbitrary FTP commands to be executed in the context of the affected application with the administrator's privileges.

ID	名前	製品	ファミリー	公開日	更新日	深刻度
35252	Debian DSA-1689-1 : proftpd-dfsg - missing input validation	Nessus	Debian Local Security Checks	2008/12/22	2021/1/4	medium
35389	Fedora 9 : proftpd-1.3.1-8.fc9 (2009-0064)	Nessus	Fedora Local Security Checks	2009/1/16	2021/1/11	medium
34265	ProFTPDコマンドの切り捨てのクロスサイトリクエスト偽造	Nessus	FTP	2008/9/23	2020/3/27	medium
34265	ProFTPD 命令截斷跨網站要求偽造	Nessus	FTP	2008/9/23	2020/3/27	medium
34265	ProFTPD 命令截断跨站请求伪造	Nessus	FTP	2008/9/23	2020/3/27	medium
34256	FreeBSD : proftpd -- Long Command Processing Vulnerability (0f51f2c9-8956-11dd-a6fe-0030843d3802)	Nessus	FreeBSD Local Security Checks	2008/9/23	2021/1/6	high
34265	ProFTPD Command Truncation Cross-Site Request Forgery	Nessus	FTP	2008/9/23	2020/3/27	medium
35393	Fedora 8 : proftpd-1.3.1-8.fc8 (2009-0195)	Nessus	Fedora Local Security Checks	2009/1/16	2021/1/11	medium
37354	Mandriva Linux Security Advisory : proftpd (MDVSA-2009:061)	Nessus	Mandriva Local Security Checks	2009/4/23	2021/1/6	high
37525	Fedora 10 : proftpd-1.3.1-8.fc10 (2009-0089)	Nessus	Fedora Local Security Checks	2009/4/23	2021/1/11	medium
4687	ProFTPD Command Truncation Cross-Site Request Forgery	Nessus Network Monitor	FTP Servers	2008/9/22	2019/3/6	medium
801026	ProFTPD Command Truncation Cross-Site Request Forgery	Log Correlation Engine	FTP Servers			medium

検出

プラグインの検索

medium

medium

medium

medium

medium

high

medium

medium

high

medium

medium

medium