File: 1562.txt

package info (click to toggle)
snort 2.7.0-20.4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 34,512 kB
  • ctags: 18,772
  • sloc: ansic: 115,404; sh: 10,893; makefile: 1,372; perl: 487; sql: 213
file content (59 lines) | stat: -rw-r--r-- 1,494 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
Rule:

--
Sid:
1562

--
Summary:
This event is generated when an attempt is made to exploit a buffer overflow associated with BFTPD version 1.0.13.

--
Impact:
Remote root access.  A successful attack can allow the remote execution of arbitrary commands with privileges of root.

--
Detailed Information:
This event is generated when an attempt is made to exploit a vulnerability associated with the FTP SITE CHOWN command of a BFTPD server 1.0.13. A buffer overflow attack can be executed by sending an overly long argument with the SITE CHOWN command.  This attack requires login access to the vulnerable server via an authenticated or anonymous user.

--
Affected Systems:
Hosts running BFTPD version 1.0.13. 

--
Attack Scenarios:
An attacker may login to a vulnerable FTP server and supply an overly long file argument with the SITE CHOWN command, causing a buffer overflow and allowing the execution of arbitrary commands as root.

--
Ease of Attack:
Simple.  

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Upgrade to the latest non-affected version of the software.

Disable the use of the SITE command on the vulnerable server by configuring /etc/bftpd.conf with:
  ENABLE_SITE=no

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com> 
Nigel Houghton <nigel.houghton@sourcefire.com>
Judy Novak <judy.novak@sourcefire.com>

--
Additional References:

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0065

--