Short Name |
FTP:EXPLOIT:WIN32-WFTPD-BOF |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
FTP |
Keywords |
WFTPD Command Buffer Overflow |
Release Date |
2004/11/08 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in WFTPD for Windows. Trial versions 3.20 and 3.21, Pro and Standard are vulnerable. Attackers can send invalid LIST, NLST, and STAT commands, which can allow malicious users to crash the service or execute arbitrary code.
Multiple vulnerabilities have been reported to affect versions 3.21 and 3.20 of WFTPD Server and WFTPD Pro Server, including potential denial of service conditions and remote command execution. The less serious of the vulnerabilities are the flaws which can be exploited to cause a denial of service. According to the report, the method by which WFTPD allocates additional memory is flawed in such a way that it can be exploited to exhaust available memory in a manner efficient to the attacker. Attackers may also take advantage of a buffer scan operation to spike CPU usage. The more serious vulnerability is a stack-based buffer overflow condition. The condition is present in the implementation of FTP commands LIST, NLST, and STAT. To exploit the vulnerability, the attacker must be authenticated as a valid user unless the Secure option in the registry is set to 0. There is a logical error (which may be due to the use of an incorrect macro) in the check that is in place to prevent a buffer overflow. This results the possibility to write a string of excessive length to the local buffer, corrupting the process stack. Note: Analysis is currently pending. This record will likely be retired as new entries are created for each individual vulnerability.