GEN:SID 1:2178
Message FTP USER format string attempt
Summary This event is generated when a remote attacker attempts to exploit a
format string vulnerability against an FTP server during authentication.
Impact Attempted Admin.  A successful format string attack could result in the
execution of arbitrary code with the same privileges as the user running
the FTP daemon.
Detailed Information Several FTP daemons are vulnerable to format string exploits during
authentication to the FTP server.  A successful exploit attempt could
result in the remote attacker gaining unauthorized root access to the
vulnerable system.
Affected Systems SmallFTP v0.99
Attack Scenarios A remote attacker could use a publicly available script to exploit the
vulnerability and gain control of the target host.
Ease of Attack Simple. Numerous attack scripts exist to exploit this vulnerability.
Corrective Action SmallFTPD has released an updated software package that resolves the
problem. It can be downloaded from:
http://smallftpd.free.fr
Additional References http://www.securityfocus.com/bid/7474
Rule References bugtraq: 7474
bugtraq: 7776
bugtraq: 9262
bugtraq: 9402
bugtraq: 9600
bugtraq: 9800
cve: 2004-0277
nessus: 10041
nessus: 11687
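
A defender-side check for the traffic this event describes, as an added example that is not part of the original rule documentation and is not the Snort rule's own logic: it flags FTP USER commands whose argument carries printf-style conversion specifiers. The regular expressions, the two-specifier threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed heuristic: a printf-style conversion specification such as
# %x, %08x, %5$s or %.20s. Not taken from the Snort rule itself.
CONVERSION = re.compile(
    rb"%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    rb"(?:hh|h|ll|l|j|z|t|L)?[diouxXeEfgGaAcspn]"
)
USER_CMD = re.compile(rb"\s*USER[ \t]+([^\r\n]*)", re.IGNORECASE)


def user_argument(line: bytes):
    """Return the argument of an FTP USER command, or None for other commands."""
    match = USER_CMD.match(line)
    return match.group(1) if match else None


def count_specifiers(argument: bytes) -> int:
    """Count conversion specifications, ignoring the literal-percent escape '%%'."""
    return len(CONVERSION.findall(argument.replace(b"%%", b"")))


def is_suspicious(line: bytes, threshold: int = 2) -> bool:
    """Flag a USER command whose argument holds at least `threshold` specifiers.

    A threshold of 2 (an assumption) avoids alerting on a login such as
    'joe%domain.example', where '%d' is an accidental match.
    """
    argument = user_argument(line)
    return argument is not None and count_specifiers(argument) >= threshold


def scan(lines):
    """Return the (line_number, raw_line) pairs that should raise an alert."""
    return [(n, l) for n, l in enumerate(lines, 1) if is_suspicious(l)]


# Constructed sample of FTP control-channel lines.
SAMPLE = [
    b"USER anonymous\r\n",
    b"USER joe%domain.example\r\n",
    b"USER %x%x%x%x\r\n",
    b"user %08x.%08x\r\n",
    b"PASS %x%x\r\n",
    b"USER 100%% sure\r\n",
]

if __name__ == "__main__":
    for number, raw in scan(SAMPLE):
        print(f"line {number}: possible format string in USER: {raw!r}")
```

Lowering the threshold to 1 catches a single specifier at the cost of alerting on logins that happen to contain a percent sign followed by a conversion letter.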