Signature Detail
Short Name |
FTP:COMMAND:SITE-CMD-INJ |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
FTP |
Keywords |
ftp wzdftpd cesarftp |
Release Date |
2006/04/19 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
FTP: SITE Command Arbitrary Command Injection
This signature detects a maliciously crafted SITE request transmission to an FTP server. Such a request can be designed to execute arbitrary commands on a server hosting a FTP daemon. Commands are executed with the FTP service permissions.
Extended Description
The 'wzdftpd' utility is affected by a remote arbitrary command-execution vulnerability. This issue can allow an attacker to execute commands in the context of an affected server and potentially gain unauthorized access. Version 0.5.4 of wzdftpd is reported to be vulnerable. Other versions may be affected as well.
Affected Products
- Debian Linux 3.1.0
- Debian Linux 3.1.0 Alpha
- Debian Linux 3.1.0 Amd64
- Debian Linux 3.1.0 Arm
- Debian Linux 3.1.0 Hppa
- Debian Linux 3.1.0 Ia-32
- Debian Linux 3.1.0 Ia-64
- Debian Linux 3.1.0 M68k
- Debian Linux 3.1.0 Mips
- Debian Linux 3.1.0 Mipsel
- Debian Linux 3.1.0 Ppc
- Debian Linux 3.1.0 S/390
- Debian Linux 3.1.0 Sparc
- wzdftpd 0.5.2
- wzdftpd 0.5.4
References
- BugTraq: 14935
- CVE: CVE-2005-3081
- URL: http://www.wzdftpd.net/