GEN:SID | 1:2392 |
Message | FTP RETR overflow attempt |
Summary | This event is generated when an attempt is made to exploit a buffer overflow vulnerability associated with WuFtpd RETR command.
|
Impact | Remote access. A successful attack may permit the remote execution of arbitrary commands with system privileges.
|
Detailed Information | WuFtpd is an FTP server based on BSD ftpd. A vulnerability exists with the RETR command that can cause a buffer overflow and permit the execution of arbitrary commands with system privileges. The buffer overflow can be caused by supplying an overly long argument to the RETR command.
The issue exists in the realpath() function. It is possible for an attacker to send malformed data to the realpath() function that will cause the overflow condition to occur.
|
Affected Systems | Multiple systems using affected C libraries, libc
|
Attack Scenarios | An attacker can use one of the publicly available exploit scripts to cause the overflow to occur.
|
Ease of Attack | Simple. Many exploits exist.
|
Corrective Action | Upgrade to the latest non-affected version of the software.
Use scp as an alternative to ftp
Disallow ftp access to internal resources from external sources
Recompile binaries statically linked to the system libc implementation
|
Additional References | |
Rule References | bugtraq: 8315
cve: 2003-0466
cve: 2004-0287
cve: 2004-0298
|