GEN:SID 1:337
Message FTP CEL overflow attempt
Summary This event is generated when a remote attacker attempts to exploit a buffer overflow vulnerability in the IBM AIX FTP daemon.
Impact Remote execution of arbitrary code leading to remote root compromise.
Detailed Information The IBM AIX 4.3.x FTP daemon contains a buffer overflow vulnerability. An attacker can send an overly long string in the CEL command, causing a buffer overflow condition and allowing the attacker to execute arbitrary code.
Affected Systems IBM AIX 4.3.x
Attack Scenarios An attacker sends a suspiciously large amount of data to the FTP server in the CEL command, causing a buffer overflow condition. The attacker can then execute arbitrary code to obtain root privileges.
Ease of Attack Simple. Exploits exist.
Corrective Action Install the patch provided by IBM. See http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/ERS-SVA-E01-1999.004.1/$file/sva004.txt for an advisory and information about obtaining the patch.
Additional References IBM
http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/ERS-SVA-E01-1999.004.1/$file/sva004.txt
Rule References arachnids: 257
bugtraq: 679
cve: 1999-0789
nessus: 10009