| Short Name | FTP:USER:FORMAT-STRING |
|---|---|
| Severity | Minor |
| Recommended | No |
| Category | FTP |
| Keywords | Username Format String Attack |
| Release Date | 2003/10/08 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects format string characters sent to an FTP server as a username. This can be an indication of an attempt to exploit a vulnerability in the FTP server.
A vulnerability has been reported for Crob FTP Server. The problem occurs due to invalid format specifiers used when displaying a user-supplied username. As a result, it may be possible for an attacker to embed format specifiers within a malicious username. Successful exploitation of this vulnerability would allow an attacker to overwrite arbitrary locations in memory, ultimately allowing for the execution of arbitrary code. All commands executed in this manner would be run with the privileges of the Crob FTP Server.
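
A sketch of the kind of check this signature describes, as an added example (it is not the vendor's signature logic or code from this page): it parses FTP control-channel lines and reports printf-style conversion specifiers found in the `USER` argument. The function names and the sample session lines are constructed for illustration.

```python
import re

# printf-style conversion: optional positional arg, flags, width, precision,
# length modifier, conversion character. "%%" is matched first so that a
# literal percent sign is consumed and not misread as the start of a specifier.
FORMAT_SPEC = re.compile(
    r"%(?:%|(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    r"(?:hh|h|ll|l|j|z|t|L)?[diouxXeEfgGaAcspn])"
)

def parse_ftp_command(line: bytes):
    """Split one control-channel line into (VERB, argument)."""
    text = line.rstrip(b"\r\n").decode("latin-1")  # latin-1 never fails to decode
    verb, _, arg = text.partition(" ")
    return verb.upper(), arg  # FTP verbs are case-insensitive

def format_specs_in_user(line: bytes):
    """Return the conversion specifiers found in a USER argument, else []."""
    verb, arg = parse_ftp_command(line)
    if verb != "USER":
        return []
    return [m.group(0) for m in FORMAT_SPEC.finditer(arg) if m.group(0) != "%%"]

def scan_session(lines):
    """Return (line_number, specifiers) for every USER line that matches."""
    hits = []
    for number, line in enumerate(lines, start=1):
        specs = format_specs_in_user(line)
        if specs:
            hits.append((number, specs))
    return hits

# Constructed sample of client-to-server control-channel lines.
SAMPLE_SESSION = [
    b"USER anonymous\r\n",
    b"PASS guest@example.com\r\n",
    b"user %x%x%x%n\r\n",
    b"USER 100%%sure\r\n",
    b"PASS %s%s\r\n",
    b"USER %08x.%1$n\r\n",
]

if __name__ == "__main__":
    for number, specs in scan_session(SAMPLE_SESSION):
        print(f"line {number}: USER argument contains {specs}")
```

A percent-encoded username such as `bob%40example.com` also matches this pattern (as `%40e`), so a hit from a check like this is something to triage against the server's version and logs, not proof of an exploitation attempt.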