Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2338 |
Message | FTP LIST buffer overflow attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in GtkFtpd. |
Impact | Execution of arbitrary code. Possible unauthorized root access. |
Detailed Information | GtkFtpd fails to perform sufficient checks on user supplied data to the daemon. An attacker may exploit this vulnerability to execute code of their choosing as the root user. This may also lead to remote root access to the server. |
Affected Systems | GtkFtpd 1.0.2, 1.0.3 and 1.0.4 |
Attack Scenarios | An attacker may use a publicly available exploit script to take advantage of the vulnerability. |
Ease of Attack | Simple. Exploit code exists. |
Corrective Action | Apply the appropriate vendor supplied patches. Upgrade to the latest non-affected version of the software. Use scp/sftp as an alternative to ftp. |
Additional References | |
Rule References | bugtraq: 10181 bugtraq: 6869 bugtraq: 7251 bugtraq: 7861 bugtraq: 8486 bugtraq: 9675 cve: 1999-0349 cve: 1999-1510 cve: 2000-0129 url: www.microsoft.com/technet/security/bulletin/MS99-003.mspx |
--
DID:296818
--
http://www.aanval.com/