FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

proftpd -- arbitrary code execution vulnerability with chroot

Affected packages
7.3 <= FreeBSD < 7.3_9
7.4 <= FreeBSD < 7.4_5
8.1 <= FreeBSD < 8.1_6
8.2 <= FreeBSD < 8.2_5
proftpd < 1.3.3g_1
proftpd-mysql < 1.3.3g_1
proftpd-devel < 1.3.3.r4_3,1

Details

VuXML ID 022a4c77-2da4-11e1-b356-00215c6a37bb
Discovery 2011-11-30
Entry 2011-12-23
Modified 2012-01-29

The FreeBSD security advisory FreeBSD-SA-11:07.chroot reports:

If ftpd is configured to place a user in a chroot environment, then an attacker who can log in as that user may be able to run arbitrary code(...).

ProFTPD is affected by a problem of a similar nature.

References

FreeBSD Advisory SA-11:07.chroot
URL http://seclists.org/fulldisclosure/2011/Nov/452