Short Name |
FTP:EXPLOIT:OPENFTPD-MSG-FS |
---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
FTP |
Keywords |
OpenFTPD SITE MSG Format String |
Release Date |
2004/11/23 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the OpenFTP daemon. A format string vulnerability exists that can allow a successful attacker to execute arbitrary code on the affected computer with user privileges.
Reportedly OpenFTPD is affected by a remote message format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function. Successful exploitation of this issue will allow an attacker to execute arbitrary code on the affected computer with the privileges of the user that invoked the affected FTP server software.