GEN:SID | 1:1972 |
Message | FTP PASS overflow attempt |
Summary | This event is generated when an attempt is made to exploit a buffer overflow vulnerability associated with BlackMoon FTP server PASS command.
|
Impact | Remote access. A successful attack may permit the remote execution of arbitrary commands with privileges of the process running the BlackMoon FTP server.
|
Detailed Information | The BlackMoon FTP server offers FTP software for Windows hosts. A vulnerability exists with the PASS command that can cause a buffer overflow and permit the execution of arbitrary commands with the privileges of the process running the BlackMoon FTP server. The buffer overflow can be caused by supplying an overly long argument with the PASS command.
|
Affected Systems | Hosts running BlackMoon FTP Server 1.0 through 1.5.
|
Attack Scenarios | An attacker can supply an overly long file argument with the PASS command, causing a buffer overflow.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to the latest non-affected version of the software.
|
Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0126 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1035
|
Rule References | bugtraq: 10078
bugtraq: 10720
bugtraq: 1690
bugtraq: 3884
bugtraq: 8601
bugtraq: 9285
cve: 1999-1519
cve: 1999-1539
cve: 2000-1035
cve: 2002-0126
cve: 2002-0895
|