CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
71.7%
The remote host is using ProFTPD, a free FTP server for Unix and Linux.
According to its banner, the version of ProFTPD installed on the remote host is 1.3.1x and may be affected by SQL injection protection bypass when NLS support is enabled.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(106750);
script_version("1.3");
script_cvs_date("Date: 2019/11/08");
script_cve_id("CVE-2009-0543");
script_bugtraq_id(33650);
script_name(english:"ProFTPD 1.3.1 SQL injection protection bypass");
script_summary(english:"Checks version of ProFTPD.");
script_set_attribute(attribute:"synopsis", value:
"The remote FTP server is affected by a mitigation bypass.");
script_set_attribute(attribute:"description", value:
"The remote host is using ProFTPD, a free FTP server for Unix and
Linux.
According to its banner, the version of ProFTPD installed on the
remote host is 1.3.1x and may be affected by SQL injection protection
bypass when NLS support is enabled.");
script_set_attribute(attribute:"see_also", value:"http://bugs.proftpd.org/show_bug.cgi?id=3173");
script_set_attribute(attribute:"solution", value:
"Upgrade to ProFTPD version 1.3.2 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(89);
script_set_attribute(attribute:"vuln_publication_date", value:"2009/02/05");
script_set_attribute(attribute:"patch_publication_date", value:"2009/02/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/12");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:proftpd:proftpd");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"FTP");
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ftp_overflow.nasl", "ftpserver_detect_type_nd_version.nasl");
script_require_keys("ftp/proftpd", "Settings/ParanoidReport");
script_require_ports("Services/ftp", 21);
exit(0);
}
include("audit.inc");
include("ftp_func.inc");
include("global_settings.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
port = get_ftp_port(default: 21, broken:TRUE);
app = "ProFTPD";
banner = get_ftp_banner(port:port);
if (!banner) audit(AUDIT_NO_BANNER, port);
if (app >!< banner) audit(AUDIT_NOT_DETECT, app, port);
matches = pregmatch(string:banner, pattern:"ProFTPD ([0-9a-z.]+) ");
if (isnull(matches)) audit(AUDIT_SERVICE_VER_FAIL, app, port);
version = matches[1];
if (version =~ '^1(\\.3)?$') audit(AUDIT_VER_NOT_GRANULAR, app, version);
if (version =~ "^1\.3\.1($|[^0-9])")
{
report =
'\n Version source : ' + chomp(banner) +
'\n Installed version : ' + version +
'\n Fixed version : 1.3.2\n';
security_report_v4(severity:SECURITY_WARNING, port:port, extra:report, sqli:TRUE);
exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, app, port, version);