FTP: OpenFTPD SITE MSG Format String
This signature detects attempts to exploit a known vulnerability in the OpenFTP daemon. A format string vulnerability exists that can allow a successful attacker to execute arbitrary code on the affected computer with user privileges.
Extended Description
Reportedly OpenFTPD is affected by a remote message format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function. Successful exploitation of this issue will allow an attacker to execute arbitrary code on the affected computer with the privileges of the user that invoked the affected FTP server software.
Affected Products
Openftpd ftp_server
Short Name
FTP:EXPLOIT:OPENFTPD-MSG-FS
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
FTP
Keywords
Format MSG OpenFTPD SITE String bid:10830
Release Date
11/24/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Openftpd