Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 FTP:EXPLOIT:OPENFTPD-MSG-FS

Severity

 Critical

Recommended

 No

Recommended Action

 Drop

Category

 FTP

Keywords

 openFTPD

Release Date

 2004/11/23

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

FTP: OpenFTPD SITE MSG Format String


This signature detects attempts to exploit a known vulnerability in the OpenFTP daemon. A format string vulnerability exists that can allow a successful attacker to execute arbitrary code on the affected computer with user privileges.

Extended Description

Reportedly OpenFTPD is affected by a remote message format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function. Successful exploitation of this issue will allow an attacker to execute arbitrary code on the affected computer with the privileges of the user that invoked the affected FTP server software.

Affected Products

  • OpenFTPD FTP Server 0.29.4
  • OpenFTPD FTP Server 0.30.0
  • OpenFTPD FTP Server 0.30.1
  • OpenFTPD FTP Server 0.30.2

References

  • BugTraq: 10830
  • URL: http://www.securitytracker.com/alerts/2004/Jul/1010823.html
  • URL: http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-07/0360.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out