| Short Name | FTP:PABLO-FTP:FORMAT-STRING |
|---|---|
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | FTP |
| Keywords | Pablo FTP Server Format String DoS |
| Release Date | 2003/04/22 |
| Update Number | 1213 |
| Supported Platforms | di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability against the Pablo FTP Server. Versions 1.2, 1.3, and 1.5 running on Windows 2000 are vulnerable. Because the FTP server improperly parses format string characters, attackers can supply a maliciously crafted username to execute arbitrary code and crash the server.
A format string vulnerability has been reported in Pablo Software Solutions FTP Server. The vulnerability occurs due to inadequate checking of user-supplied input for the login credentials. An attacker can exploit this vulnerability by logging into the FTP server with a username that includes malicious format specifiers. This may result in memory being overwritten by remote attackers, possibly to execute arbitrary code. Attacker-supplied code will be executed with the privileges of the FTP server.
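
The check a defender can run over FTP control-channel traffic for the condition described above, as an added example: it is not the vendor's signature logic and not code from this page. The function names and the sample lines are constructed for illustration, and the choice to inspect both `USER` and `PASS` is an assumption based on the phrase "login credentials".

```python
import re

# printf-style conversion: %[n$][flags][width][.precision][length]conversion
# "%%" is matched first so an escaped percent sign is never counted as a hit.
_SPEC = re.compile(
    r"%%|%(?:\d+\$)?[-+ #0']*(?:\d+|\*)?(?:\.(?:\d+|\*)?)?"
    r"(?:hh|h|ll|l|L|q|j|z|t)?([diouxXeEfFgGaAcspn])"
)

LOGIN_VERBS = {"USER", "PASS"}  # assumption: the "login credentials" commands


def format_specifiers(argument):
    """Return every printf conversion found in argument, ignoring '%%'."""
    return [m.group(0) for m in _SPEC.finditer(argument) if m.group(1)]


def inspect_line(line):
    """Parse one client-to-server FTP control line.

    Returns (verb, hits) when a login command carries format specifiers,
    otherwise None.
    """
    verb, _, arg = line.rstrip("\r\n").partition(" ")
    verb = verb.upper()  # FTP verbs are case-insensitive
    if verb not in LOGIN_VERBS:
        return None
    hits = format_specifiers(arg)
    return (verb, hits) if hits else None


def scan(lines):
    """Return (line_index, verb, hits) for every flagged line."""
    return [(i, *r) for i, l in enumerate(lines) if (r := inspect_line(l))]


# Constructed sample traffic (not captured from a real session).
SAMPLE = [
    "USER anonymous\r\n",
    "PASS guest@example.test\r\n",
    "USER 100%%sure\r\n",       # escaped percent only: benign
    "USER %x%x%x%x\r\n",
    "user AAAA%08x.%08x\r\n",   # lower-case verb must still be inspected
    "RETR report%s.txt\r\n",    # not a login command: out of scope here
]

if __name__ == "__main__":
    for idx, verb, hits in scan(SAMPLE):
        print(f"line {idx}: {verb} argument contains {hits}")
```

A legitimate username can contain a percent sign, so a hit is a reason to drop or review the login attempt, not proof of exploitation.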