FTP: Malicious Characters In FTP Request Detected
This signature detects attempts to exploit a remote FTP server. Attacker can send malformed characters in FTP request. A successful attack can lead to arbitrary remote code execution within the context of the server or denial of service condition.
Extended Description
Microsoft IIS is prone to a buffer-overflow vulnerability affecting the application's FTP service. Successful exploits may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely crash the FTP service, resulting in denial-of-service conditions. IIS 7.5 is vulnerable; other versions may also be affected.
Affected Products
Avaya aura_conferencing
References
BugTraq: 45542
CVE: CVE-2012-5002
URL: http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx http://www.exploit-db.com/exploits/15803/ http://secunia.com/advisories/47912 http://www.inshell.net/2012/03/ricoh-dc-software-dl-10-ftp-server-sr10-exe-remote-buffer-overflow-vulnerability/
Short Name
FTP:MS-FTP:MAL-CHARS-FTP-REQ
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
FTP
Keywords
CVE-2010-3972 CVE-2012-5002 Characters Detected FTP In Malicious Request bid:45542
Release Date
12/22/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
10.0
6.8