CVE-2006-5815: remote code execution in ProFTPD

[lord_nibbler]

Hello SWsoft,

A remotely exploitable stack overflow vulnerability has been found in ProFTPD server.
The vulnerability allows a remote authenticated attacker to gain root privileges.

We need a fix soon!

http://bugs.proftpd.org/show_bug.cgi?id=2858
http://www.gleg.net/proftpd.txt

best regards
Lord Nibbler

 

[faris]

If I'm reading this correctly someone would need to have a correct username/password on the FTP server to exploit this, so hopefully this isn't a total disaster. But it is pretty bad :-(

Faris.