[Snort-sigs] Sid 2340
alexander.s at ...1565...
Fri Mar 12 14:50:09 EST 2004
FTP SITE CHMOD overflow attempt
This attack is for a buffer overflow in the SITE CHMOD command in the
Serv-U FTP server.
Administrative privilege can be gained remotely or a denial of service
The SITE CHMOD command is vulnerable to a buffer overflow when a
non-existent filename is specified. This signature detects to see if
the argument to the command exceeds 100 characters without a newline.
RhinoSoft Serv-U versions prior to version 126.96.36.199.
A remote or local attacker can use this attack against a vulnerable FTP
daemon to gain root privileges or cause a denial of service.
Ease of Attack:
Easy; multiple exploits are available to take advantage of this
Possible, it is well within the ability of non-vulnerable FTP servers to
handle filenames in excess of 100 characters.
Upgrade Serv-U FTP to version 5.0 or greater.
Documentation - Steven Alexander<alexander.s at ...1565...>
More information about the Snort-sigs