Proftpd Buffer overflow CVE-2019-18217

A buffer overflow vulnerability has been found in Proftpd


Summary:

A buffer overflow vulnerability has been found in Proftpd, a popular File Transfer Protocol (FTP) server.
Proftpd has been in active use since 1997 and has been the default
FTP server daemon in several operating systems for several years.

Affected systems

  • Proftpd versions prior to 1.3.6b

The vulnerability has been given the CVE of CVE-2019-18217.

Vulnerability

src/main.c

    /* Inside the command-reading loop: cmd_buflen is the result of reading
     * the next client command into the command buffer. */
    if (cmd_buflen < 0) {
      if (errno == E2BIG) {
        /* The client sent a too-long command which was ignored; give
         * them another chance?
         */
        continue;
      }
      /* the remaining cmd_buflen < 0 cases of the original loop are omitted here */
    }

A specially crafted packet can trigger an infinite loop, because the
length of too-long commands is not validated.
This causes allocations that could potentially lead to remote code execution.
Most likely, successful exploitation will result in the process
consuming too much CPU and being killed by the host operating
system.
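To make the failure mode concrete, here is an added, self-contained model of the command loop above (not ProFTPD's own code): a too-long line returns E2BIG, and the loop simply `continue`s. The stream, buffer size and `read_line` helper are constructed for this example; in the "vulnerable" mode the unread bytes stay in the stream, so every retry fails the same way and the loop never makes progress, while the "fixed" mode drains the rest of the oversized line before retrying.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CMD_BUFSZ 8   /* tiny on purpose so a 20-byte line overflows */

/* Constructed stand-in for the client connection: a fixed byte stream. */
struct conn { const char *data; size_t len, pos; };

/* Read one LF-terminated line into buf. Returns its length, -2 at EOF, or
 * -1 with errno = E2BIG when the line does not fit. With drain == 0 the
 * unread bytes stay in the stream (the modelled bug); with drain != 0 the
 * rest of the oversized line is consumed so the next read makes progress. */
static int read_line(struct conn *c, char *buf, size_t bufsz, int drain) {
    size_t start = c->pos, n = 0;
    while (c->pos < c->len) {
        char ch = c->data[c->pos++];
        if (ch == '\n') { buf[n] = '\0'; return (int)n; }
        if (n + 1 >= bufsz) {
            if (drain) { while (c->pos < c->len && c->data[c->pos++] != '\n') ; }
            else       { c->pos = start; }
            errno = E2BIG;
            return -1;
        }
        buf[n++] = ch;
    }
    return -2;
}

/* Command loop shaped like the snippet above. Returns the number of commands
 * handled, or -1 if 1000 iterations pass without progress (the spin). */
static int command_loop(const char *stream, int drain) {
    struct conn c = { stream, strlen(stream), 0 };
    char buf[CMD_BUFSZ];
    int handled = 0;
    for (int iter = 0; iter < 1000; iter++) {
        int r = read_line(&c, buf, sizeof buf, drain);
        if (r == -2) return handled;                 /* client went away */
        if (r < 0) { if (errno == E2BIG) continue; return handled; }
        handled++;                                   /* "give them another chance" */
    }
    return -1;
}

/* Constructed session: a normal command, a 20-byte line, then QUIT. */
static const char SAMPLE_STREAM[] = "USER a\nAAAAAAAAAAAAAAAAAAAA\nQUIT\n";

int main(void) {
    printf("vulnerable: %d\n", command_loop(SAMPLE_STREAM, 0)); /* -1 */
    printf("fixed:      %d\n", command_loop(SAMPLE_STREAM, 1)); /*  2 */
    return 0;
}
```

The iteration cap stands in for the unbounded loop a real daemon would spin in; the fixed mode shows that discarding the oversized line is enough to let the session continue normally.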

You can read the issue that was created on GitHub regarding this at the
following link: https://github.com/proftpd/proftpd/issues/846

Vulnerable hosts


A simple Shodan search displays over one million hosts running Proftpd.

External links:

  • Proftpd wikipedia
  • proftpd.org
  • Proftpd github
  • Proftpd CVE-2019-18217 github issue
  • Proftpd 1997


This blog post is part of the Exploit of the Day series,
where we write a shorter description about interesting
exploits that we index.