[Snort-sigs] Sid 2340

Steven Alexander alexander.s at ...1565...
Fri Mar 12 14:50:09 EST 2004


Rule:  
FTP SITE CHMOD overflow attempt 
--
Sid:
2340
--
Summary:
This attack is for a buffer overflow in the SITE CHMOD command in the
Serv-U FTP server.

--
Impact:

Administrative privilege can be gained remotely or a denial of service
can occur.

--
Detailed Information:

The SITE CHMOD command is vulnerable to a buffer overflow when a
non-existent filename is specified.  This signature detects  to see if
the argument to the command exceeds 100 characters without a newline.

--
Affected Systems:
RhinoSoft Serv-U versions prior to version 5.0.0.0.

--
Attack Scenarios:
 
A remote or local attacker can use this attack against a vulnerable FTP
daemon to gain root privileges or cause a denial of  service.
--
Ease of Attack:

Easy; multiple exploits are available to take advantage of this
vulnerability.

--
False Positives:

Possible, it is well within the ability of non-vulnerable FTP servers to
handle filenames in excess of 100 characters.

--
False Negatives:

None known.
--
Corrective Action:

Upgrade Serv-U FTP to version 5.0 or greater.

--
Contributors:
Documentation - Steven Alexander<alexander.s at ...1565...>
-- 
Additional References:
http://www.securityfocus.com/bid/9483
http://secunia.com/advisories/10706




  




More information about the Snort-sigs mailing list