Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 FTP:LUKEMFTP:URG-RELOGIN

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 FTP

Release Date

 2004/08/18

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+

FTP: Lukemftp URG Relogin


This signature detects attempts to exploit a known vulnerability in the lukemftpd FTP server, also known as tnftpd. By sending carefully timed TCP packets with the URG pointer set, followed by a packet with login credentials, attackers can exploit a logic flaw and potentially gain remote root access.

Extended Description

It is reported that TNFTPD is susceptible to multiple remote superuser compromise vulnerabilities. These vulnerabilities are all derived from improper signal handler operations. Signals can be delivered to the vulnerable FTPD by a remote attacker via out-of-band TCP data (OOB). These vulnerabilities may allow an anonymous remote attacker to gain superuser privileges on computer hosting the affected software. TNFTPD versions prior to 10 Aug 2004 are reported vulnerable. All versions of Lukemftpd are reported vulnerable. NetBSD version 1.6.2 and prior, NetBSD-2.0 prior to 15 Aug 2004, as well as NetBSD-current prior to 10 Aug 2004 are reported vulnerable as well.

Affected Products

  • Apple Mac OS X 10.2.8
  • Apple Mac OS X 10.3.4
  • Apple Mac OS X 10.3.5
  • Apple Mac OS X Server 10.2.8
  • Apple Mac OS X Server 10.3.4
  • Apple Mac OS X Server 10.3.5
  • Gentoo Linux 1.4.0
  • Heimdal 0.3.0 f
  • Heimdal 0.4.0 a
  • Heimdal 0.4.0 b
  • Heimdal 0.4.0 c
  • Heimdal 0.4.0 d
  • Heimdal 0.4.0 e
  • Heimdal 0.5.0 .0
  • Heimdal 0.5.1
  • Heimdal 0.5.2
  • Heimdal 0.5.3
  • Heimdal 0.6.0
  • Heimdal 0.6.1
  • Heimdal 0.6.2
  • Luke Mewburn lukemftp 1.1.0
  • Luke Mewburn lukemftp 1.5.0
  • Luke Mewburn TNFTPD 20031217
  • NetBSD 1.3.0
  • NetBSD 1.3.1
  • NetBSD 1.3.2
  • NetBSD 1.3.3
  • NetBSD 1.4.0
  • NetBSD 1.4.0 Alpha
  • NetBSD 1.4.0 arm32
  • NetBSD 1.4.0 SPARC
  • NetBSD 1.4.0 x86
  • NetBSD 1.4.1
  • NetBSD 1.4.1 Alpha
  • NetBSD 1.4.1 arm32
  • NetBSD 1.4.1 sh3
  • NetBSD 1.4.1 SPARC
  • NetBSD 1.4.1 x86
  • NetBSD 1.4.2
  • NetBSD 1.4.2 Alpha
  • NetBSD 1.4.2 arm32
  • NetBSD 1.4.2 SPARC
  • NetBSD 1.4.2 x86
  • NetBSD 1.4.3
  • NetBSD 1.5.0
  • NetBSD 1.5.0 Sh3
  • NetBSD 1.5.0 X86
  • NetBSD 1.5.1
  • NetBSD 1.5.2
  • NetBSD 1.5.3
  • NetBSD 1.6.0
  • NetBSD 1.6.0 Beta
  • NetBSD 1.6.1
  • NetBSD 1.6.2
  • NetBSD 2.0.0
  • NetBSD Current
  • Sun Java Desktop System (JDS) 2.0.0
  • Sun Java Desktop System (JDS) 2003

References

  • BugTraq: 10967
  • CVE: CVE-2004-0794
  • URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc
  • URL: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0754.html
  • URL: http://secunia.com/advisories/12226

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy & Policy
Legal Notices
Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out