| Short Name | SCAN:MISC:FTP:LOGXFR-OF1 |
|---|---|
| Severity | Low |
| Recommended | No |
| Category | SCAN |
| Keywords | ProFTPD log_xfer() Buffer Overflow (1) |
| Release Date | 2003/04/22 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects attempts to exploit a known vulnerability in the log_xfer() function of ProFTPD. The vulnerability affects ProFTPD versions 1.2.0pre1, pre2, and pre3. A successful attacker can execute arbitrary code on the target host with administrator privileges.

The vulnerability in 1.2pre1, 1.2pre2 and 1.2pre3 is a remotely exploitable buffer overflow caused by an unbounded sprintf() call in the log_xfer() routine in src/log.c. The vulnerability in 1.2pre4 is a mkdir overflow: the name of the created path cannot exceed 255 characters. 1.2pre6 limits the command buffer size to 512 characters in src/main.c and modifies the fix introduced in 1.2pre4.