ProFTPD is a popular open-source FTP server software. A buffer overflow in ProFTPD allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
You're affected if you use ProFTPD version 1.3.5c or earlier, wu-ftpd version 2.16.0 or earlier, or beroftpd version 0.9.11 or earlier. Check with: grep "PROFTPD_VERSION" /etc/proftpd.conf or find / -name "proftpd*".
Note: This is ProFTPD, not FTPS (which uses SSL/TLS) or other similar products like vsftpd or lftp.
Upgrade to ProFTPD version 1.3.5d or later from the official website.
For immediate mitigation, restrict network access to your ProFTPD instance and monitor for suspicious activity.
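
One way to do the monitoring step, as an added example that is not part of the original advisory or of ProFTPD itself: replay FTP command logs and flag sessions whose MKD/CWD sequence builds an unusually deep or long directory path. The log line format, the session ids and both thresholds are assumptions made for this example; adapt the regular expression to the command log your server actually writes.

```python
import re
from collections import defaultdict

# Constructed log format (assumption, not ProFTPD's own): "<ts> sess=<id> <CMD> [arg]"
LINE_RE = re.compile(r"^\S+ sess=(\S+) (\w+)(?: (.*))?$")
ALIASES = {"XMKD": "MKD", "XCWD": "CWD", "XCUP": "CDUP"}  # RFC 775 command variants
MAX_DEPTH = 8       # assumed threshold: nested levels reached in one session
MAX_PATH_LEN = 255  # assumed threshold: total characters in the tracked path

def apply_cwd(path, arg):
    """Return the directory components after changing to arg from path."""
    parts = [] if arg.startswith("/") else list(path)
    for comp in arg.split("/"):
        if comp == "..":
            del parts[-1:]            # safe when already at the root
        elif comp not in ("", "."):
            parts.append(comp)
    return parts

def find_suspicious_sessions(lines, max_depth=MAX_DEPTH, max_len=MAX_PATH_LEN):
    """Map session id -> details for sessions that create and descend too far."""
    cwd, mkd, alerts = defaultdict(list), defaultdict(int), {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                  # ignore lines that are not command records
        sess, cmd, arg = m.group(1), m.group(2).upper(), m.group(3) or ""
        cmd = ALIASES.get(cmd, cmd)
        if cmd == "MKD":
            mkd[sess] += 1
        elif cmd in ("CWD", "CDUP"):
            cwd[sess] = apply_cwd(cwd[sess], ".." if cmd == "CDUP" else arg)
        else:
            continue
        depth = len(cwd[sess])
        length = sum(len(c) + 1 for c in cwd[sess])   # +1 for each "/" separator
        # Only sessions that also created directories are reported, once each.
        if sess not in alerts and mkd[sess] and (depth > max_depth or length > max_len):
            alerts[sess] = {"depth": depth, "path_len": length, "mkd": mkd[sess]}
    return alerts

# Constructed sample: one ordinary session (b1) and one that nests long names (x9).
SAMPLE = ["2024-01-01T00:00:00Z sess=b1 CWD /pub", "2024-01-01T00:00:01Z sess=b1 MKD docs",
          "2024-01-01T00:00:02Z sess=b1 CWD docs"]
for _ in range(6):
    SAMPLE += [f"2024-01-01T00:01:00Z sess=x9 MKD {'d' * 60}", f"2024-01-01T00:01:00Z sess=x9 CWD {'d' * 60}"]

if __name__ == "__main__":
    print(find_suspicious_sessions(SAMPLE))
```

The detector only tracks paths from the commands it sees, so a session that starts in a deep directory is measured from its first absolute CWD onward.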