- Advisory ID
- Betroffene Versionen
CERT released an advisory regarding the incorrect management of buffers in various FTP server that can lead to a remote intruder executing arbitrary code on the FTP server. This incorrect management of buffers is due to the return from the glob() function. ProFTPD is not affected by this vulnerability on the Linux platform and also because it uses the GNU glob() function, which is not vulnerable. The minimum recommended version of ProFTPD, from the ProFTPD team, is 1.2.0rc3 due to security problems in older versions.