| VID |
16012 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The AIX's ftpd daemon is vulnerable to a buffer overflow attack. This vulnerability exists in Version 4.3 of IBM's AIX ftpd daemon. By using a specially formatted FTP command, a remote attacker can overflow a buffer in the ftpd daemon and execute arbitrary code on the system as root.
It was possible to make the remote FTP server crash by issuing this command :
CEL aaaa[...]aaaa
* References:
http://www.iss.net/security_center/static/3758.php
http://www.securityfocus.com/bid/679 |
| Recommendation |
Apply AIX APAR IY04477, or the temporary fix, as listed in IBM Emergency Response Service Security Vulnerability Alert ERS-SVA-E01-1999:004.1, "Remote buffer overflow in ftpd daemon" at http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/C246FD0FCD6FB7988525680F0077E2E9/$file/sva004.txt
* A temporary fix is available via anonymous ftp from:
ftp://aix.software.ibm.com/aix/efixes/security/ftpd.tar.Z
Filename sum md5 ============================================
ftpd 02584 147 4577818c9c95b47ffc915ab750f36bd3
This temporary fix has not been fully regression tested. Use the following steps (as root) to install the temporary fix:
1. Uncompress and extract the fix.
# uncompress < ftpd.tar.Z | tar xf -
# cd ftpd
2. Replace the vulnerable ftpd.
# mv /usr/sbin/ftpd /usr/sbin/ftpd.before_security_fix
# chown root.system /usr/sbin/ftpd.before_security_fix
# chmod 0 /usr/sbin/ftpd.before_security_fix
# cp ./ftpd /usr/sbin/ftpd
# chown root.system /usr/sbin/ftpd
# chmod 4554 /usr/sbin/ftpd |
| Related URL |
CVE-1999-0789 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
