GEN:SID | 1:2343 |
Message | FTP STOR overflow attempt |
Summary | This event is generated when an attempt is made to exploit a buffer overflow vulnerability associated with WuFtpd STOR command.
|
Impact | Remote access. A successful attack may permit the remote execution of arbitrary commands with system privileges.
|
Detailed Information | WuFtpd is an FTP server based on BSD ftpd. A vulnerability exists with the STOR command that can cause a buffer overflow and permit the execution of arbitrary commands with system privileges. The buffer overflow can be caused by supplying an overly long argument to the STOR command.
The issue exists in the SockPrintf() function. A server using the MAIL_ADMIN option to send email notifications to the administrator when files are uploaded to the server, is vulnerable to the attack. It is possible for an attacker to send malformed data to the store() function via sockprintf() that will cause the overflow condition to occur, the error can be generated by the attacker creating a filename greater than 32768 bytes in length.
|
Affected Systems | |
Attack Scenarios | An attacker can supply an overly long file argument with the STOR command, causing a buffer overflow.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to the latest non-affected version of the software.
Use scp as an alternative to ftp
Disallow ftp access to internal resources from external sources
Disable the MAIL_ADMIN option
|
Additional References | |
Rule References | bugtraq: 8668
cve: 2000-0133
|