FTP: WU-FTPD Setproctitle() Format String

This signature detects an attempt to exploit a ftp daemon by submitting a malicious SITE request containing format string characters. Successful exploitation can allow an attacker to execute arbitrary code with user privileges running the ftp daemon.

Extended Description

A number of ftp daemons, including versions of wu-ftpd, OpenBSD ftpd (ports of this package are distributed with some Linux distributions), HP-UX ftpd, and proftpd, have a vulnerability caused by the passing of user input to the set_proc_title() function. This function in turn calls setproctitle() after using this user data to generate a buffer to pass to setproctitle. setproctitle is defined as setproctitle(char *fmt, ...). The buffer created is passed as the format argument to setproctitle. setproctitle will make a call to the vsnprintf() call, taking the buffer passed as the format string. By carefully manipulating the contents of this buffer, a remote user can cause values on the stack to be overwritten, and potentially cause arbitrary code to be executed as root.

Affected Products

Suse linux

Short Name
FTP:WU-FTP:SETPROCTITLE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
FTP
Keywords
CA-2000-13 CVE-2000-0574 Format Setproctitle() String WU-FTPD bid:1425
Release Date
04/24/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Proftpd_project

Openbsd

Hp

Opieftpd

Freebsd

Linux

Suse

Netbsd

Debian

CVSS Score

5.0

Found a potential security threat?