Re: [NSE] Check for CVE-2010-4221 - ProFTPD Server stack overflow
From: Djalal Harouni <tixxdz () opendz org>
Date: Thu, 30 Jun 2011 19:44:19 +0100
On Thu, Jun 30, 2011 at 08:21:42PM +0200, Henri Doreau wrote:
> 2011/6/30 Djalal Harouni <tixxdz () opendz org>:
>> After more tests I'll commit it tomorrow, thanks.
>
> I have successfully tested the script against the following systems:
> - ProFTPD 1.3.2rc4 on Linux x86_64 (vulnerable)
> - ProFTPD 1.3.3b on FreeBSD x86_64 (vulnerable)
>
> As well as this one:
> - ProFTPD 1.3.4rc2 (devel) on Linux x86_64 (not vulnerable)

Ok, that evil packet gives us a good result :)

> For this last case the script doesn't generate a false positive but I
> get: "ftp-vuln-cve2010-4221: this is not ProFTPD server." despite -sV
> having correctly detected ProFTPD.
>
> Maybe this script could offer an option to force the more intrusive
> checks and/or use port.version.product if available.

I'll use that info if available, otherwise we'll just force the check by
default (even if we miss the version match).

Thanks Henri for testing, I'll commit the script this night.

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/