ProFTPD Remote Code Execution Vulnerability and Exploit

A flaw in the popular ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function for evaluating TELNET IAC sequences.

ProFTPD bug report: http://bugs.proftpd.org/show_bug.cgi?id=3521

Fixes for the vulnerabilty and exploit.

Parallels has used its micro-update patch functionality in Plesk 9.5x, Plesk 10, and Small Business Panel 10.2 to fix this exploit. You can run the Parallels AutoInstaller to fix this or check the Updates section of your Plesk Panel 9.5x, Plesk 10, or Small Business Panel 10.2 to fix this. This is a file-replace, as opposed to a new install so it will be quick and reliable. To find this in the GUI:

Parallels Plesk Panel 10.x: “Server Management” -> “Tools & Utilities” -> “Updates” -> “Update Components” -> click “Continue”

One Response to “ProFTPD Remote Code Execution Vulnerability and Exploit”

  1. 3propheton 13 Jan 2022 at 1:38 am

    2abasement…

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.