Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 FTP:OVERFLOW:EASY-FTP-OF

Severity

 High

Recommended

 No

Category

 FTP

Keywords

 EASY FTP Multiple overflow DELE, STOR, RNFR, RMD, XRMD UplusFTP

Release Date

 2010/08/20

Update Number

 1757

Supported Platforms

 idp-4.0+, isg-3.4+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

FTP: Easy FTP Server Command Buffer Overflow


This signature detects attempts to exploit a known vulnerability in the Easy FTP Server 1.7.0.11. Other versions may also be affected. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server. Because the size of the buffer for this exploit is small, this signature can create false positives on normal traffic from other FTP software. No recommended action is attached to this signature due to the risk of false positives on other FTP software. If you are using Easy FTP or UplusFTP, set the action to drop.

Extended Description

Easy FTP Server (AKA UplusFTP) is prone to multiple remote buffer-overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Easy FTP Server 1.7.0.11 is vulnerable; other versions may also be affected.

Affected Products

  • easy ftp server 1.7.0.11

References

  • BugTraq: 42469
  • URL: http://sourceforge.net/projects/easyftpsvr/
  • URL: http://code.google.com/p/easyftpsvr/
  • URL: http://www.erisesoft.com/en/uplusftp.php

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out