SCAN: FreeBSD/OpenBSD FTPD mkd Buffer Overflow
This signature detects attempts to exploit the vulnerability against the FTPD that ships with early versions of FreeBSD 4.x and OpenBSD 2.8. FTPD 6.00LS and 6.5/OpenBSD versions are vulnerable. Successful exploitation can allow an attacker to gain local host access and root permissions.
Extended Description
The BSD ftp daemon and derivatives (such as IRIX ftpd or the ftp daemon shipped with Kerberos 5) contain a number of buffer overflows that may lead to a compromise of root access to malicious users. During parsing operations, the ftp daemon assumes that there can never be more than 512 bytes of user-supplied data. This is because that is usually how much data is read from a socket. Because of this assumption, certain memory copy operations involving user data lack bounds checking. It is possible for users to use metacharacters to expand file/path names through interpretation by glob() and exploit these overflowable conditions. In order to do so, the attacker's ftp account must be able to either create directories or directories with long enough names must exist already. Any attacker to successfully exploit this vulnerability would gain root access on the target host.
Affected Products
Compaq tru64
Short Name
SCAN:MISC:FTP:BSD-FTPD-MKD-OF
Severity
Warning
Recommended
False
Recommended Action
None
Category
SCAN
Keywords
Buffer CA-2001-07 CVE-2001-0247 FTPD FreeBSD/OpenBSD Overflow bid:2548 mkd
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely
Vendors
Openbsd
Compaq
Sgi
Freebsd
Netbsd
Mit
CVSS Score
10.0