ProFTPD Remote Code Execution Vulnerability and Exploit
A flaw in the popular ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function, which evaluates TELNET IAC sequences.
ProFTPD bug report: http://bugs.proftpd.org/show_bug.cgi?id=3521
Fixes for the vulnerability and exploit.
Parallels has used its micro-update patch functionality in Plesk 9.5x, Plesk 10, and Small Business Panel 10.2 to fix this vulnerability. You can apply the fix by running the Parallels AutoInstaller, or from the Updates section of your Plesk Panel 9.5x, Plesk 10, or Small Business Panel 10.2. This is a file replacement rather than a new install, so it is quick and reliable. To find it in the GUI:
Parallels Plesk Panel 10.x: “Server Management” -> “Tools & Utilities” -> “Updates” -> “Update Components” -> click “Continue”
The proftpd service may not start after a fresh install from a Virtuozzo template
Resolution
Edit the /etc/xinetd.d/xproftpd file and restart the services
Log in to your server as root
Open the /etc/xinetd.d/xproftpd file in a text editor:
vi /etc/xinetd.d/xproftpd
Change the value of “disable =” to “yes”.
Restart the xinetd service:
/etc/init.d/xinetd restart
Start the proftpd service:
/etc/init.d/proftpd start
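The resolution above as a script, an added example that is not from the original article: it keeps a backup of the xinetd file, makes the edit idempotent (it also covers a file with no disable line at all), and verifies the directive before the services are restarted. The path /etc/xinetd.d/xproftpd and the two init scripts are the ones named in the steps; the function names and the --apply flag are my own.

```sh
#!/bin/sh
# Added example (not part of the original article). Assumes POSIX sh, awk, grep.

set_xinetd_disabled() {
    # $1: an xinetd service file, e.g. /etc/xinetd.d/xproftpd.
    # Sets "disable = yes" and returns 0 only if the result verifies.
    f="$1"
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    cp -p "$f" "$f.bak" || return 1        # keep the original for rollback
    if grep -Eq '^[[:space:]]*disable[[:space:]]*=' "$f.bak"; then
        # Directive present: rewrite its value, whatever it currently is.
        awk '/^[[:space:]]*disable[[:space:]]*=/ { sub(/=.*/, "= yes") } { print }' \
            "$f.bak" > "$f" || return 1
    else
        # No directive: add one right after the opening brace of the block.
        awk '{ print }
             /^[[:space:]]*[{][[:space:]]*$/ && !done { print "        disable = yes"; done = 1 }' \
            "$f.bak" > "$f" || return 1
    fi
    xinetd_disabled "$f"
}

xinetd_disabled() {
    # Returns 0 when the file's disable directive reads "yes".
    grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

apply_xproftpd_fix() {
    # The article's procedure, run as root: disable the xinetd entry,
    # restart xinetd, then start the standalone proftpd service.
    set_xinetd_disabled /etc/xinetd.d/xproftpd &&
    /etc/init.d/xinetd restart &&
    /etc/init.d/proftpd start
}

if [ "${1:-}" = "--apply" ]; then
    apply_xproftpd_fix
fi
```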
Reference: http://parallels.com/
How to run proftpd in debug mode
If you are having any issues logging in, uploading files, creating directories, etc., you can run proftpd in debug mode to see what the server is doing and possibly find out why it is generating the errors you see.
To do so, type the following:
/etc/init.d/proftpd stop
proftpd -n -d 20
Showing hidden files through ftp
To show hidden files through ftp (files that start with a dot), edit your /etc/proftpd.conf.
In the section add the following code
Save, exit, then restart proftpd.