Signature Detail
Short Name |
FTP:USER:FORMAT-STRING |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
FTP |
Keywords |
ftp format string username |
Release Date |
2003/10/08 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
FTP: Username Format String Attack
This signature detects format string characters sent to an FTP server as a username. This can be an indication of an attempt to exploit a vulnerability in the FTP server.
Extended Description
A vulnerability has been reported for Crob FTP Server. The problem occurs due to invalid format specifiers used when displaying a user-supplied username. As a result, it may be possible for an attacker to embed format specifiers within a malicious username. Successful exploitation of this vulnerability would allow an attacker to overwrite arbitrary locations in memory, ultimately allowing for the execution of arbitrary code. All commands executed in this manner would be run with the privileges of the Crob FTP Server.
Affected Products
- Crob Crob FTP Server 2.50.0
- Crob Crob FTP Server 2.50.4
References