[Snort-sigs] Sid 2338

Steven Alexander alexander.s at ...1565...
Fri Mar 12 11:33:12 EST 2004

FTP LIST buffer overflow attempt
This attack is a buffer overflow using the LIST command in the gtkftp

Root privilege can be gained remotely.

Detailed Information:

The LIST command in GtkFtpd is not able to correctly handle long
file or directory names. This rule checks that the filename is
100 characters or less (including the newline character).

Affected Systems:
GtkFtpd gtkftp 1.0.2
GtkFtpd gtkftp 1.0.3
GtkFtpd gtkftp 1.0.4

Attack Scenarios:
A remote or local attacker can use this attack against a vulnerable FTP
daemon to gain root privileges.

Ease of Attack:

Easy; an exploit is publicly available for this FTP daemon.

False Positives:

Possible; it is well within the ability of non-vulnerable FTP servers to
handle filenames in excess of 100 characters.

False Negatives:

None known.

Corrective Action:

Upgrade GtkFtpd.  

Documentation - Steven Alexander <alexander.s at ...1565...>

Additional References:

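The length check described under Detailed Information, written out as an added Python example; it is not part of the original post and is not the text of the Snort rule. The regular expression, function names and sample session are assumptions made for illustration, and the terminating newline is counted as one character toward the 100-character limit.

```python
import re

# Threshold from the rule documentation: filename plus newline must fit in 100.
MAX_LEN_WITH_NEWLINE = 100

# Hypothetical pattern for this example: LIST, whitespace, then the argument
# up to the end of the line. FTP commands are case-insensitive.
LIST_RE = re.compile(rb"^LIST[ \t]+([^\r\n]*)", re.IGNORECASE)


def split_commands(stream: bytes):
    """Split a reassembled FTP control-channel byte stream into command lines."""
    for line in stream.split(b"\n"):
        line = line.rstrip(b"\r")
        if line:
            yield line


def oversized_list_args(stream: bytes, limit: int = MAX_LEN_WITH_NEWLINE):
    """Return (command_number, arg_length) for each LIST whose argument,
    counted together with its newline, is longer than `limit`."""
    hits = []
    for n, line in enumerate(split_commands(stream), start=1):
        m = LIST_RE.match(line)
        if m and len(m.group(1)) + 1 > limit:
            hits.append((n, len(m.group(1))))
    return hits


# Constructed sample session (client-to-server side only), not captured traffic.
SAMPLE = b"".join([
    b"USER anonymous\r\n",
    b"PASS guest@example.test\r\n",
    b"LIST /pub/incoming\r\n",
    b"list " + b"A" * 99 + b"\r\n",   # 99 + newline = 100: within the limit
    b"LIST " + b"A" * 100 + b"\r\n",  # 100 + newline = 101: flagged
    b"RETR " + b"B" * 300 + b"\r\n",  # long, but not a LIST command
])

if __name__ == "__main__":
    for number, length in oversized_list_args(SAMPLE):
        print(f"command {number}: LIST argument of {length} bytes exceeds limit")
```

As the False Positives section notes, a listing request with a legitimately long path trips the same check, so a hit indicates an oversized argument rather than a confirmed exploit attempt.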