Using ProFTPd for Core Processing Anywhere?

If so, you might want to pay attention to this announcement of a critical remote vulnerability in the daemon. You can read the alert here. A patch is now available and should be applied quickly if you have core processes using this application.

No authentication is required and it is a pretty straight forward buffer overflow, so exploit code should be easy to design and use. Common framework exploits are expected shortly.

Usually ProFTPd is used as a part of core processing, data warehousing and other heavy data processing solutions across a variety of platforms and industries. You can find installations remotely using nmap -sV scans on your network. Nmap is pretty good at identifying ProFTPd installs.

HoneyPoint users might want to consider deploying port 21/tcp (ftp) listeners to watch for scans for vulnerable servers by attackers. Detected scanning IPs should be investigated on internal networks and black holed on Internet facing segments.

This entry was posted in General InfoSec by Brent Huston. Bookmark the permalink.

About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!

Leave a Reply