ProFTPD is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. Successful exploits allows attackers to perform man-in-the- middle attacks or impersonate trusted servers, which will aid in further attacks. Versions prior to ProFTPD 1.3.2b and 1.3.3 to 1.3.3.rc1 are vulnerable.
Updates are available. Please see the references for details.
- Ricoh DC Software DL-10 FTP Server 'USER' Command Buffer Overflow Vulnerability
- httpdx Multiple Remote Denial Of Service Vulnerabilities
- Titan FTP Server Multiple Directory Traversal Vulnerabilities
- XM Easy Personal FTP Server Multiple Command Remote Buffer Overflow Vulnerabilities
- pyftpdlib FTP Server Denial of Service Vulnerability