[Original text] Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log.
GProftpd gprostats Utility Log Parser Remote Format String
Remote / Network Access
Local / Remote
Loss of Integrity
GProftpd contains a format string flaw in its gprostats utility that may allow a malicious user to execute arbitrary code. The issue is triggered when an FTP transfer with a crafted filename causes format string specifiers to be inserted into the ProFTPD transfer log, which the gprostats log parser then processes. Successful exploitation may allow arbitrary code execution, resulting in a loss of integrity.
Upgrade to version 8.1.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
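The bug class described above, as an added illustration that is not gprostats source code: a log reader that treats the logged filename strictly as data and flags entries carrying conversion specifiers. It assumes the standard xferlog layout, in which the filename is the ninth whitespace-separated field; the function names and sample lines are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed xferlog-style lines (not from a real server); field 9 is the filename. */
static const char *SAMPLE_OK  = "Mon Jan  5 10:00:00 2004 1 client.example 2048 /pub/readme.txt b _ o a anon@example ftp 0 * c";
static const char *SAMPLE_BAD = "Mon Jan  5 10:00:05 2004 1 client.example 16 /incoming/%x%x%s a _ i r alice ftp 0 * c";

/* Copy the 9th whitespace-separated field into out.
   Returns 0 on success, -1 if the line is too short or out is too small. */
int xferlog_filename(const char *line, char *out, size_t outsz)
{
    int field = 0;
    const char *p = line;
    for (;;) {
        p += strspn(p, " \n");            /* skip separators, incl. padded day */
        if (!*p) return -1;
        size_t len = strcspn(p, " \n");
        if (++field == 9) {
            if (len + 1 > outsz) return -1;
            memcpy(out, p, len);
            out[len] = '\0';
            return 0;
        }
        p += len;
    }
}

/* Count '%' characters not followed by another '%' ("%%" is a literal percent). */
int count_format_specs(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* Hardened form: the filename is an argument, never the format string.
   The vulnerable pattern would be: snprintf(dst, n, filename);          */
int format_report_line(char *dst, size_t n, const char *filename)
{
    return snprintf(dst, n, "file: %s", filename);
}

int main(void)
{
    const char *lines[] = { SAMPLE_OK, SAMPLE_BAD };
    char name[256], out[300];
    for (int i = 0; i < 2; i++) {
        if (xferlog_filename(lines[i], name, sizeof name) != 0) continue;
        format_report_line(out, sizeof out, name);
        printf("%s%s\n", out, count_format_specs(name) ? "  <-- format specifiers in filename" : "");
    }
    return 0;
}
```

Compiling log-handling code with `-Wformat -Wformat-security` makes GCC and Clang warn about the non-literal format string in the vulnerable pattern.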