Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1973 |
Message | FTP MKD overflow attempt |
Summary | This event is generated when an attempt is made to exploit a buffer overflow vulnerability associated with ProFTP FTP server MKDIR command. |
Impact | Remote access. A successful attack may permit the remote execution of arbitrary commands with privileges of the process running the ProFTP server. |
Detailed Information | A vulnerability exists with the MKDIR command that can cause a buffer overflow and permit the execution of arbitrary commands with the privileges of the process running the Pr oFTP server. The buffer overflow can be caused by supplying an argument of greater than 255 characters designating the new directory name. |
Affected Systems | Hosts running ProFTP 1.2.0pre4 |
Attack Scenarios | An attacker can supply an overly long file argument with the MKDIR command, causing a buffer overflow. |
Ease of Attack | Simple. Exploit code is freely available. |
Corrective Action | Upgrade to the latest non-affected version of the software. |
Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0991 Bugtraq: http://www.securityfocus.com/bid/612 |
Rule References | bugtraq: 11772 bugtraq: 612 bugtraq: 7278 bugtraq: 9872 cve: 1999-0911 nessus: 12108 |
--
DID:784096
--
http://www.aanval.com/