Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1379 |
Message | FTP STAT overflow attempt |
Summary | This event is generated when an attempt is made to exploit a buffer overflow vulnerability associated with IPSWITCH WS_FTP server for Windows hosts. |
Impact | Remote administrator access. A successful attack can allow remote execution of arbitrary commands with privileges of administrator. |
Detailed Information | A buffer overflow exists in WS_FTP server that may permit the execution of arbitrary commands with the privileges of administrator. The exploit can be generated by FTP client sending a STAT command accompanied by an argument greater than 479 bytes long. This exploit requires login access to the FTP server. |
Affected Systems | Hosts running WS_FTP server 2.0.3. |
Attack Scenarios | An attacker may login to a vulnerable WS_FTP server and supply an overly long file argument to cause a buffer overflow, allowing execution of arbitrary commands with the privileges of administrator. |
Ease of Attack | Simple. |
Corrective Action | Upgrade to the latest non-affected version of the software. |
Additional References | Security Focus: http://www.securityfocus.com/advisories/3641 |
Rule References | bugtraq: 3507 bugtraq: 8542 cve: 2001-0325 cve: 2001-1021 url: labs.defcom.com/adv/2001/def-2001-31.txt |
--
DID:233929
--
http://www.aanval.com/