SHELLCODE: Shikata Ga Nai Encoder Routine Over TCP-STC
This signature detects payloads being transferred over network that have been encoded using Shikata Ga Nai encoder routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Extended Description
Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation.
Affected Products
Ftpshell ftpshell_client
Short Name
SHELLCODE:WIN:SHIKATA-GANAI-STC
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
SHELLCODE
Keywords
CVE-2006-1652 CVE-2017-6465 CVE-2018-7573 Encoder Ga Nai Over Routine Shikata TCP-STC bid:96570
Release Date
09/25/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
Port
TCP/0-79,81-442,444-3127,3129-7999,8001-8079,8081-65535
False Positive
Unknown
Vendors
Ftpshell
CVSS Score
7.5
9.0
10.0