Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 FTP:EXPLOIT:WIN32-WFTPD-BOF

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 FTP

Keywords

 WFTPD Winsock win32 microsoft ftp ftpd

Release Date

 2004/11/08

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

FTP: WFTPD Command Buffer Overflow


This signature detects attempts to exploit a known vulnerability in WFTPD for Windows. Trial versions 3.20 and 3.21, Pro and Standard are vulnerable. Attackers can send invalid LIST, NLST, and STAT commands, which can allow malicious users to crash the service or execute arbitrary code.

Extended Description

Multiple vulnerabilities have been reported to affect versions 3.21 and 3.20 of WFTPD Server and WFTPD Pro Server, including potential denial of service conditions and remote command execution. The less serious of the vulnerabilities are the flaws which can be exploited to cause a denial of service. According to the report, the method by which WFTPD allocates additional memory is flawed in such a way that it can be exploited to exhaust available memory in a manner efficient to the attacker. Attackers may also take advantage of a buffer scan operation to spike CPU usage. The more serious vulnerability is a stack-based buffer overflow condition. The condition is present in the implementation of FTP commands LIST, NLST, and STAT. To exploit the vulnerability, the attacker must be authenticated as a valid user unless the Secure option in the registry is set to 0. There is a logical error (which may be due to the use of an incorrect macro) in the check that is in place to prevent a buffer overflow. This results the possibility to write a string of excessive length to the local buffer, corrupting the process stack. Note: Analysis is currently pending. This record will likely be retired as new entries are created for each individual vulnerability.

Affected Products

  • Texas Imperial Software WFTPD 3.0.0
  • Texas Imperial Software WFTPD 3.0.0 0R3
  • Texas Imperial Software WFTPD 3.0.0 0R4
  • Texas Imperial Software WFTPD 3.0.0 0R4 Pro
  • Texas Imperial Software WFTPD 3.0.0 0R5
  • Texas Imperial Software WFTPD 3.0.0 0R5 Pro
  • Texas Imperial Software WFTPD 3.0.0 Pro
  • Texas Imperial Software WFTPD 3.10.0 R1
  • Texas Imperial Software WFTPD 3.20.0
  • Texas Imperial Software WFTPD 3.21.0
  • Texas Imperial Software WFTPD Pro 3.10.0 R1
  • Texas Imperial Software WFTPD Pro 3.20.0
  • Texas Imperial Software WFTPD Pro 3.21.0

References

  • BugTraq: 9767
  • CVE: CVE-2004-0340
  • URL: http://www.securityfocus.com/archive/1/355680
  • URL: http://www.securitytracker.com/alerts/2004/Feb/1009258.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out