FTP: WU-FTPD Linux x86 Buffer Overflow

This signature detects attempts to exploit an input validation vulnerability in WU-FTPD running on Linux. All versions are susceptible. Because user input goes directly into a format string for a *printf function, attackers can overwrite data on the stack, such as a return address, redirect execution to the shellcode pointed to by the overwritten EIP, and execute arbitrary commands. The same attack can also succeed against ProFTPD servers.

Extended Description

There is a vulnerability in ProFTPD versions 1.2.0pre1 and earlier and in wu-ftpd 2.4.2 (beta 18) VR9 and earlier. This vulnerability is a buffer overflow triggered by unusually long path names (directory structures). For example, a user with write privileges may create an unusually long pathname which, due to insufficient bounds checking in ProFTPD, will overwrite the stack. This allows the attacker to place their own instructions on the stack to be executed, thereby elevating their access. The problem is a bad implementation of the "realpath" function.

Affected Products

Sco open_server

Short Name
FTP:WU-FTP:LINUX-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
FTP
Keywords
Buffer CA-1999-03 CVE-1999-0368 Linux Overflow WU-FTPD bid:113 x86
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Red_hat

Sco

Washington_university

Proftpd_project

Slackware

Caldera

Debian

CVSS Score

10.0
