Title: ncftpd STAT File Globbing Remote Buffer Overflow Vulnerability
Severity: HIGH
Description:
NcFTPd is a File Transfer Protocol (FTP) server for UNIX systems, designed for high-traffic sites and internet service providers.
A vulnerability has been reported for ncftpd. A buffer overflow exists in the STAT function when used in conjunction with file globbing. The issue likely occurs due to insufficient bounds checking of expanded character requests.
It is possible to trigger the overflow by passing a malicious STAT request containing recursive calls to a directory name of excessive length referenced using file globbing characters. When the request is expanded by the server the malicious request will overwrite sensitive memory. Successful exploitation of this vulnerability will allow an attacker to execute arbitrary commands with the privileges of the vulnerable ncftpd process.
It should be noted that this vulnerability has been reported to exist in version 2.7.1.
The vendor has announced that nctpd is in fact not vulnerable to this issue.
Symantec has been unable to reproduce this vulnerability.
Affected Products:
- NcFTP Software NcFTPD 2.7.1
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
