Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1734 |
Message | FTP USER overflow attempt |
Summary | This event is generated when an attempt is made to exploit a buffer overflow or denial of service vulnerability associated with the FTP USER command. |
Impact | Remote access or denial of service. A successful attack can cause a denial of service or allow remote execution of arbitrary commands with privileges of the process running the FTP server. |
Detailed Information | This event is generated when an attempt is made to exploit various vulnerabilities associated with the FTP USER command of different FTP servers. It is possible to cause a denial of service attack or gain remote access to execute arbitrary commands with the privileges of the process running the FTP server by sending an overly long argument with the FTP USER command. |
Affected Systems | Hosts running bftpd 1.0.11. Hosts running BlackMoon FTP Server 1.0 through 1.5. Hosts running CesarFTPD 0.98b. Hosts running A-FTP Anonymous FTP Server. Hosts running Argosoft FTP server 1.0. Hosts running TYPSoft FTP Server 0.78. Hosts running AnalogX proxy server 4.04 and earlier. Hosts running Dragon FTP server. |
Attack Scenarios | An attacker can supply an overly long argument with the USER command, causing a denial of service or buffer overflow. |
Ease of Attack | Simple. |
Corrective Action | Upgrade to the latest non-affected version of the software. |
Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0943 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0126 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0826 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0794 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1035 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0479 Bugtraq: http://www.securityfocus.com/bid/4638 |
Rule References | bugtraq: 10078 bugtraq: 1227 bugtraq: 1504 bugtraq: 1690 bugtraq: 4638 bugtraq: 7307 bugtraq: 8376 cve: 1999-1510 cve: 1999-1514 cve: 1999-1519 cve: 1999-1539 cve: 2000-0479 cve: 2000-0656 cve: 2000-0761 cve: 2000-0943 cve: 2000-1035 cve: 2000-1194 cve: 2001-0256 cve: 2001-0794 cve: 2001-0826 cve: 2002-0126 cve: 2002-1522 cve: 2003-0271 cve: 2004-0286 |
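The condition described under Detailed Information, as an added example that is not the Snort rule itself or code from the original page: a Python check that flags USER commands with an oversized argument on the client-to-server FTP control channel. The 100-byte limit, the function names and the sample traffic are assumptions constructed for illustration.

```python
import re

# Assumed threshold: the page states no length; 100 bytes is a placeholder to tune.
MAX_USER_ARG = 100

# USER, whitespace, then the argument up to the end of the line (FTP commands end in CRLF).
_USER_RE = re.compile(rb"^USER[ \t]+([^\r\n]*)", re.IGNORECASE)


def check_user_command(line: bytes, limit: int = MAX_USER_ARG):
    """Return an alert dict if `line` is a USER command with an oversized argument, else None."""
    m = _USER_RE.match(line.lstrip())
    if not m:
        return None
    arg = m.group(1)
    if len(arg) <= limit:
        return None
    return {
        "sid": "1:1734",
        "msg": "FTP USER overflow attempt",
        "arg_len": len(arg),
        # Non-printable bytes in a user name are a further anomaly worth recording.
        "printable": all(0x20 <= b < 0x7F for b in arg),
        # An unterminated command means the argument may continue in later segments.
        "terminated": line.endswith(b"\n"),
    }


def scan_stream(data: bytes, limit: int = MAX_USER_ARG):
    """Split a client-to-server control stream into commands and collect alerts."""
    alerts = []
    for n, line in enumerate(data.splitlines(keepends=True), start=1):
        hit = check_user_command(line, limit)
        if hit:
            hit["line"] = n
            alerts.append(hit)
    return alerts


# Constructed sample traffic (not captured from a real host).
SAMPLE = (
    b"USER anonymous\r\n"
    b"PASS guest@example.com\r\n"
    b"user " + b"A" * 300 + b"\r\n"
    b"USER " + b"\xfe" * 150  # oversized, non-printable and never terminated
)

if __name__ == "__main__":
    for alert in scan_stream(SAMPLE):
        print(alert)
```
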
--
DID:506689