Signature Detail

FTP: Command Overflow

This signature detects overly long commands sent to an FTP server (greater than 1024 bytes). Such activity could be an indication of an exploit attempt.

Extended Description

ProFTPD is prone to a remote stack-based buffer-overflow vulnerability and a directory-traversal vulnerability because the application fails to perform adequate boundary checks on user-supplied data. A remote attacker can exploit the buffer-overflow vulnerability to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition. A remote attacker can exploit the directory-traversal vulnerability to download and upload arbitrary files outside of the FTP server root directory. This may aid in further attacks. ProFTPD version 1.3.3 is vulnerable.

Affected Products

• Debian Linux 5.0
• Debian Linux 5.0 Alpha
• Debian Linux 5.0 Amd64
• Debian Linux 5.0 Arm
• Debian Linux 5.0 Armel
• Debian Linux 5.0 Hppa
• Debian Linux 5.0 Ia-32
• Debian Linux 5.0 Ia-64
• Debian Linux 5.0 M68k
• Debian Linux 5.0 Mips
• Debian Linux 5.0 Mipsel
• Debian Linux 5.0 Powerpc
• Debian Linux 5.0 S/390
• Debian Linux 5.0 Sparc
• Mandriva Corporate Server 4.0
• Mandriva Corporate Server 4.0.0 X86 64
• Mandriva Enterprise Server 5
• Mandriva Enterprise Server 5 X86 64
• Mandriva Linux Mandrake 2009.0
• Mandriva Linux Mandrake 2009.0 X86 64
• Mandriva Linux Mandrake 2009.1
• Mandriva Linux Mandrake 2009.1 X86 64
• Mandriva Linux Mandrake 2010.0
• Mandriva Linux Mandrake 2010.0 X86 64
• Mandriva Linux Mandrake 2010.1
• Mandriva Linux Mandrake 2010.1 X86 64
• ProFTPD Project ProFTPD 1.3.3
• Red Hat Fedora 12
• Red Hat Fedora 13
• Red Hat Fedora 14
• Slackware Linux 11.0
• Slackware Linux 12.0
• Slackware Linux 12.1
• Slackware Linux 12.2
• Slackware Linux 13.0
• Slackware Linux 13.0 X86 64
• Slackware Linux 13.1
• Slackware Linux 13.1 X86 64
• Slackware Linux -Current
• Slackware Linux X86 64 -Current

References

• BugTraq: 44562
• CVE: CVE-2010-4221