[Snort-sigs] Sid 2343
alexander.s at ...1565...
Fri Mar 12 14:59:09 EST 2004
FTP STOR overflow attempt
This attack is for a buffer overflow in the STOR command in wu-ftpd.
Administrative privilege can be gained remotely or a denial of service
A remote stack based buffer overflow vulnerability exists in the
SockPrintf() function. This vulnerability only exists if the server
had been configured using the "MAIL_ADMIN" option; this is not the
default behavior. This signature only checks to see if the argument to
the STOR command is over 100 characters.
Washington University wu-ftpd 2.6.2 and earlier.
A remote or local attacker can use this attack against a vulnerable FTP
daemon to gain root privileges.
Ease of Attack:
Moderate, The details of the vulnerability are known but an exploit is
not publicly available.
Possible, it is well within the ability of non-vulnerable FTP servers to
handle filenames in excess of 100 characters.
Upgrade to a newer version of wu-ftpd.
Documentation - Steven Alexander<alexander.s at ...1565...>
More information about the Snort-sigs