| VID |
16018 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The ftp daemon contains a format string vulnerability in 'site exec' command. This vulnerability can cause segmentation violations leading to denial of the ftp service or to the execution of arbitrary code injected by passing specially crafted character format strings while executing a "site exec" command.
You can test the ftp daemon using the ftp client program by issuing a request such as the following command after logging into with an account:
ftp> quote site exec %n %n %n %n %n %n %n
Connection closed by foreign host
* Platforms affected:
Wu-ftpd 2.6.0 and earlier
OpenBSD ftpd 6.4 and earlier
FreeBSD Ports Collection Any version
HP-UX 10.xx and 11.0x
ProFTPD prior to 1.2.0rc2
Some systems running ftpd derived from BSD ftpd 5.51 or BSD ftpd 5.60 (the final BSD release)
* References:
http://www.cert.org/advisories/CA-2000-13.html |
| Recommendation |
For ProFTPD:
Upgrade to the latest version of proftpd (ProFTPD 1.2.7), available from The Professional FTP Daemon Project Web site at http://www.proftpd.net/download.html
For WU-FTPD:
Upgrade to the latest version of WU-FTPD (2.6.2 or later), available from the WU-FTPD Development Group Web site at ftp://ftp.wu-ftpd.org/pub/wu-ftpd/
For OpenBSD:
Apply the 019_ftpd.patch, as listed in OpenBSD Security Advisory, July 5, 2000 at ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/019_ftpd.patch
For NetBSD:
Apply the patch listed in NetBSD Security Advisory 2000-009 at ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc
For FreeBSD:
Apply the patch listed in Security Advisory FreeBSD-SA-00:35 at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:35.proftpd.asc
For HP-UX:
Apply the appropriate patch (Rev.03) listed in HP IT Resource Center page at http://us-support.external.hp.com
For HP-UX release 11.00 PHNE_21936,
HP-UX release 11.04 PHNE_22060,
HP-UX release 10.20 PHNE_22057,
HP-UX release 10.24 PHNE_22059,
HP-UX release 10.01 and 10.10 PHNE_22058. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
