FTP: Linux x86 Long Pathname Buffer Overflow (3)
This signature detects attempts to exploit a realpath vulnerability in ProFTPD and wuFTPd running on LINUX. Versions ProFTPD 1.2pre1 and earlier and wuFTPd 2.4.2 (beta 18) VR9 and earlier are susceptible. Attackers can gain write access, remotely create long pathnames, and overflow the buffer to gain root access.
Extended Description
Successful exploitation of this vulnerability could allow execution of arbitrary code with the same privileges as the ProFTP daemon or wu-ftpd, and also unauthorized access to a vulnerable system.
Short Name
FTP:OVERFLOW:PATH-LINUX-X86-3
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
FTP
Keywords
(3) Buffer CA-1999-03 CVE-1999-0368 Linux Long Overflow Pathname x86
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
CVSS Score
10.0