GEN:SID | 1:348 |
Message | FTP EXPLOIT wu-ftpd 2.6.0 |
Summary | This event is generated when an attack attempt is made against an ftp server possibly running a vulnerable ftpd |
Impact | Possible remote execution of commands on the affected server as the root user |
Detailed Information | The Washington University ftp daemon (wu-ftpd) does not perform proper checking in its SITE EXEC implementation, and allows user input to be sent directly to printf. This allows an attacker to overwrite data and eventually execute code on the server.
This rule detects code from a published exploit called bobek.c |
Affected Systems | Any system running wu-ftpd 2.6 .0 or below |
Attack Scenarios | A remote attacker will attempt to execute commands on the ftp server with root user privileges, over writing or modifying system files. This can be done with anonymous and real user logins. |
Ease of Attack | Simple, Exploits exist |
Corrective Action | Upgrade to latest version which has fixes for this problem. Maybe even get rid of wu-ftp with something more secure |
Additional References | |
Rule References | arachnids: 440
bugtraq: 1387
|