FTP: Command Overflow
This signature detects overly long commands sent to an FTP server (greater than 1024 bytes). Such activity could be an indication of an exploit attempt.
Extended Description
ProFTPD is prone to a remote stack-based buffer-overflow vulnerability and a directory-traversal vulnerability because the application fails to perform adequate boundary checks on user-supplied data. A remote attacker can exploit the buffer-overflow vulnerability to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition. A remote attacker can exploit the directory-traversal vulnerability to download and upload arbitrary files outside of the FTP server root directory. This may aid in further attacks. ProFTPD version 1.3.3 is vulnerable.
Affected Products
Debian linux
References
BugTraq: 44562
CVE: CVE-2010-4221
URL: http://bugs.proftpd.org/show_bug.cgi?id=3521 http://www.zerodayinitiative.com/advisories/zdi-10-229/
Short Name
FTP:OVERFLOW:CMD-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
FTP
Keywords
CVE-2010-4221 CVE-2015-7767 Command Overflow bid:44562
Release Date
12/22/2010
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Mandriva
Proftpd_project
Debian
Slackware
CVSS Score
7.5
10.0