FTP: WU-FTPD Off-by-One Buffer Overflow
This signature detects attempts to exploit a known vulnerability in WU-FTPD. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.
Extended Description
The 'realpath()' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A vulnerability that was reported to affect the implementation of 'realpath()' in WU-FTPD has lead to the discovery that at least one implementation of the C library is also vulnerable. FreeBSD has announced that the off-by-one stack- buffer-overflow vulnerability is present in their libc. Other systems are also likely vulnerable. Reportedly, this vulnerability has been successfully exploited against WU-FTPD to execute arbitrary instructions. NOTE: Patching the C library alone may not remove all instances of this vulnerability. Statically linked programs may need to be rebuilt with a patched version of the C library. Also, some applications may implement their own version of 'realpath()'. These applications would require their own patches. FreeBSD has published a large list of applications that use 'realpath()'. Administrators of FreeBSD and other systems are urged to review it. For more information, see the advisory 'FreeBSD-SA-03:08.realpath'.
Affected Products
Netbsd netbsd
Short Name
FTP:WU-FTP:OFFBYONE-BOF
Severity
Major
Recommended
False
Recommended Action
None
Category
FTP
Keywords
Buffer CVE-2003-0466 Off-by-One Overflow WU-FTPD bid:8315
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Openbsd
Apple
Sun
Hp
Washington_university
Freebsd
Netbsd
Ssh_communications_security
CVSS Score
10.0