ProFTPD sreplace Buffer Overflow Exploit

ProFTPD is prone to a remote buffer-overflow vulnerability. The issue is due to an off-by-one error that allows attackers to corrupt memory. Exploiting it allows remote attackers to execute arbitrary machine code in the context of the server application, facilitating the compromise of affected computers. ProFTPD versions prior to 1.3.0a are vulnerable to this issue.

The FTP server will remain active after a successful exploitation. Exploitation requires a valid user or anonymous account with a writable directory. If an anonymous account is used, the agent will be in a chrooted environment, and a shell can't be executed in this state. The "DisplayFirstChdir .message" option must be present for the user account in the proftpd.conf file (this is the default).

After successful exploitation an agent will be deployed. This agent will inherit the user identity and capabilities of the abused service, usually those of the FTP server. However, the euid (as opposed to the uid) of the agent may not be that of the superuser (it is usually "nobody"). By using the setuid module (see the setuid module documentation), the user id will be changed to zero (root) and the upgrade will be possible.
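The two preconditions named above (a version prior to 1.3.0a and an active DisplayFirstChdir option in proftpd.conf) can be audited on a host. The following is an added example, not part of the original module description: the function names and the sample configuration are constructed for illustration, and the version parser assumes the plain "N.N.N", "N.N.NrcN" and "N.N.Nx" release forms only.

```python
import re

FIXED = "1.3.0a"  # first release the text above does not list as vulnerable

def version_key(v):
    """Order ProFTPD version strings: 1.3.0rc3 < 1.3.0 < 1.3.0a < 1.3.1."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(rc\d+|[a-z])?", v.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    nums = tuple(int(x) for x in m.group(1, 2, 3))
    suffix = m.group(4) or ""
    if suffix.startswith("rc"):
        return nums + (0, int(suffix[2:]))          # release candidates sort before the release
    if suffix:
        return nums + (2, ord(suffix) - ord("a"))   # maintenance letters sort after it
    return nums + (1, 0)

def is_affected_version(v):
    return version_key(v) < version_key(FIXED)

def display_first_chdir_contexts(conf_text):
    """Return (context, filename) for each uncommented DisplayFirstChdir directive."""
    stack, found = ["server config"], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and whitespace
        if not line:
            continue
        if line.startswith("</"):
            del stack[max(1, len(stack) - 1):]       # leave the section, never pop the root
        elif line.startswith("<"):
            stack.append(line.strip("<>"))           # enter <Anonymous>, <Directory>, ...
        elif line.split()[0].lower() == "displayfirstchdir" and len(line.split()) > 1:
            found.append((stack[-1], line.split()[1]))
    return found

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
DisplayFirstChdir .message
<Anonymous ~ftp>
  # DisplayFirstChdir welcome.msg
  <Directory incoming>
    DisplayFirstChdir .message
  </Directory>
</Anonymous>
"""

if __name__ == "__main__":
    print(is_affected_version("1.3.0"), display_first_chdir_contexts(SAMPLE_CONF))
```

A host is of interest for patching when the version check is true and the directive list is non-empty for an account that also has a writable directory.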