SCAN: Linux x86 FTP Long Pathname Buffer Overflow (2)
This signature detects attempts to exploit a realpath vulnerability in ProFTPD and wuFTPd running on LINUX. Versions ProFTPD 1.2pre1 and earlier and wuFTPd 2.4.2 (beta 18) VR9 and earlier are susceptible. Attackers can gain write access, remotely create long pathnames, and overflow the buffer to gain root access.
Extended Description
There is a vulnerability in ProFTPD versions 1.2.0pre1 and earlier and in wu-ftpd 2.4.2 (beta 18) VR9 and earlier. This vulnerability is a buffer overflow triggered by unusually long path names (directory structures). For example, if a user has write privilages he or she may create an unusually long pathname which due to insuficient bounds checking in ProFTPD will overwrite the stack. This will allow the attacker to insert their own instruction set on the stack to be excuted thereby elavating their access. The problem is in a bad implementation of the "realpath" function.
Affected Products
Sco open_server
Short Name
SCAN:MISC:FTP:PATH-LINUX-X86-2
Severity
Warning
Recommended
False
Recommended Action
None
Category
SCAN
Keywords
(2) Buffer CA-1999-03 CVE-1999-0368 FTP Linux Long Overflow Pathname bid:113 x86
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Sco
Washington_university
Proftpd_project
Slackware
Caldera
Debian
CVSS Score
10.0