JFTPGW Remote Syslog Format String Vulnerability

info
discussion
exploit
solution
references

JFTPGW Remote Syslog Format String Vulnerability

jftpgw FTP proxy is prone to a remotely exploitable format string vulnerability.

This issue could be exploited to execute arbitrary code in the context of the process, which is usually run as nobody (or an equivalent user). This is due to insecure usage of the syslog() function.