| Field | Value |
|---|---|
| VID | 16046 |
| Severity | 40 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description |
BFTPD version 1.0.13 is vulnerable to a buffer overflow via the SITE CHOWN command.
Max-Wilhelm Bruker's BFTPD is an FTP server for Linux, BSD/OS, FreeBSD, DG/UX and Tru64 that runs either under inetd or standalone. Version 1.0.13 of BFTPD has a buffer overflow vulnerability due to improper handling of user-supplied input. A remote attacker can send a malformed string following the SITE CHOWN command that exceeds the maximum length of the input buffer:
SITE CHOWN AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A
The overlong argument overflows the buffer on the stack. At minimum this crashes the server (a denial of service); it can also overwrite the return address, allowing the attacker to gain root privileges on the server and possibly execute arbitrary commands.
* Platforms Affected: BSD (any version), DG/UX (any version), FreeBSD (any version), Linux (any version), Solaris (any version), Tru64 UNIX (any version), bftpd 1.0.13
* References: http://online.securityfocus.com/bid/2120 http://www.iss.net/security_center/static/5775.php |
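As an added illustration that is not part of this advisory record, the following Python snippet scans FTP command log lines for SITE CHOWN requests whose owner or group token is abnormally long, which is the pattern described above. The log line format, the sample lines and the 32-character threshold are all constructed assumptions, not bftpd's actual logging format or its real buffer size.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample of FTP command lines (format is an assumption, not bftpd's).
# Line 2 carries an owner.group token of 40 + 1 + 40 characters, as in the advisory.
SAMPLE_LOG = "\n".join([
    "2001-01-05 10:12:01 198.51.100.7 SITE CHOWN ftp.ftp upload.txt",
    "2001-01-05 10:12:09 198.51.100.7 SITE CHOWN " + "A" * 40 + "." + "A" * 40 + " A",
    "2001-01-05 10:12:15 198.51.100.9 RETR report.pdf",
    "2001-01-05 10:12:20 198.51.100.7 SITE CHMOD 644 upload.txt",
])

# Assumed alert threshold for the owner or group name; real Unix user and group
# names are far shorter than the advisory's 30+ character runs.
MAX_OWNER_GROUP_LEN = 32

SITE_CHOWN_RE = re.compile(r"\bSITE\s+CHOWN\s+(\S+)(?:\s+(.*))?$", re.IGNORECASE)


def parse_site_chown(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (owner, group, path) for a SITE CHOWN line, or None for any other command."""
    m = SITE_CHOWN_RE.search(line)
    if not m:
        return None
    owner_group, path = m.group(1), (m.group(2) or "")
    # SITE CHOWN takes "owner.group"; a missing group yields an empty string.
    owner, _sep, group = owner_group.partition(".")
    return owner, group, path


def find_suspicious_chown(log_text: str, max_len: int = MAX_OWNER_GROUP_LEN) -> List[Dict]:
    """Flag SITE CHOWN commands whose owner or group token exceeds max_len characters."""
    hits: List[Dict] = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        parsed = parse_site_chown(line)
        if parsed is None:
            continue
        owner, group, path = parsed
        if max(len(owner), len(group)) > max_len:
            hits.append({"line": lineno, "owner_len": len(owner),
                         "group_len": len(group), "path": path})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_chown(SAMPLE_LOG):
        print(f"line {hit['line']}: SITE CHOWN owner={hit['owner_len']} "
              f"group={hit['group_len']} chars, path={hit['path']!r}")
```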
| Recommendation |
Upgrade to the latest version (BFTPD 1.0.23), available from the BFTPD web site, http://www.bftpd.org
As a workaround, change "ENABLE_SITE = yes" to "ENABLE_SITE = no" in the configuration file /etc/bftpd.conf to disable the SITE command. |
| Related URL | CVE-2001-0065 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |