ProFTPD Telnet IAC processing stack overflow

If you are running a Linux server with the Plesk control panel, please be aware that a flaw was discovered in the ProFTPD server that potentially allows unauthenticated attackers to compromise your server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function, which evaluates TELNET IAC sequences. The ProFTPD bug report is available here: http://bugs.proftpd.org/show_bug.cgi?id=3521

A ProFTPD update for Plesk has been provided by Atomic Rocket Turtle. To apply the update, execute the commands below:

wget -O - http://www.atomicorp.com/installers/atomic | sh
yum upgrade psa-proftpd

Please review http://www.parallels.com/products/plesk/ProFTPD for updates to this security issue.
