Signature Detail
Short Name |
FTP:PABLO-FTP:FORMAT-STRING |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
FTP |
Keywords |
Pablo FTP Server Format String DoS |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
FTP: Pablo FTP Server Format String DoS
This signature detects attempts to exploit a known vulnerability against the Pablo FTP Server. Versions 1.2, 1.3, and 1.5 running on Windows 2000 are vulnerable. Because the FTP server improperly parses format string characters, attackers can supply a maliciously crafted username to execute arbitrary code and crash the server.
Extended Description
A format string vulnerability has been reported in Pablo Software Solutions FTP Server. The vulnerability occurs due to inadequate checking of user-supplied input for the login credentials. An attacker can exploit this vulnerability by logging into the FTP server with a username that includes malicious format specifiers. This may result in memory being overwritten by remote attackers, possibly to execute arbitrary code. Attacker-supplied code will be executed with the privileges of the FTP server.
Affected Products
- Pablo Software Solutions FTP Service 1.0.0
- Pablo Software Solutions FTP Service 1.2.0
- Pablo Software Solutions FTP Service 1.3.0
- Pablo Software Solutions FTP Service 1.5.0
References