This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
FTP:OVERFLOW:ASCII-WRITE
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
FTP
|
Keywords |
ProFTP ASCII Off By Two Overflow
|
Release Date |
2005/09/28
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
FTP: ProFTP ASCII Off By Two Overflow
This signature detects an attempt to exploit an off-by-two vulnerability in ProFTP. This vulnerability can lead to arbitrary remote code execution within the context of the ftp server. Exploits are publicly available.
Extended Description
A remotely exploitable buffer overrun was reported in ProFTPD. This issue is due to insufficient bounds checking of user-supplied data in the '_xlate_ascii_write()' function, permitting an attacker to overwrite two bytes of memory adjacent to the affected buffer. The attacker may be able to exploit this to execute arbitrary code in the context of the server. The attacker may trigger this issue by submitting a RETR command to the server.
Affected Products
- Debian linux 2.2.0
- Debian linux 2.2.0 68k
- Debian linux 2.2.0 alpha
- Debian linux 2.2.0 arm
- Debian linux 2.2.0 IA-32
- Debian linux 2.2.0 Powerpc
- Proftpd_project proftpd 1.2.7
- Proftpd_project proftpd 1.2.8
- Proftpd_project proftpd 1.2.9 Rc1
- Proftpd_project proftpd 1.2.9 Rc2
- Red_hat linux 6.2.0
- Red_hat linux 6.2.0 Alpha
- Red_hat linux 6.2.0 E Alpha
- Red_hat linux 6.2.0 E I386
- Red_hat linux 6.2.0 E Sparc
- Red_hat linux 6.2.0 I386
- Red_hat linux 6.2.0 Sparc
- Red_hat linux 6.2.0 sparcv9
- Red_hat linux 7.1.0
- Red_hat linux 7.1.0 Alpha
- Red_hat linux 7.1.0 alphaev6
- Red_hat linux 7.1.0 I386
- Red_hat linux 7.1.0 i586
- Red_hat linux 7.1.0 i686
- Red_hat linux 7.1.0 Ia64
- Red_hat linux 7.1.0 iseries
- Red_hat linux 7.1.0 k i386
- Red_hat linux 7.1.0 noarch
- Red_hat linux 7.1.0 pseries
- Red_hat linux 7.2.0
- Red_hat linux 7.2.0 alpha
- Red_hat linux 7.2.0 athlon
- Red_hat linux 7.2.0 I386
- Red_hat linux 7.2.0 i586
- Red_hat linux 7.2.0 i686
- Red_hat linux 7.2.0 Ia64
- Red_hat linux 7.2.0 noarch
- Red_hat linux 7.3.0
- Red_hat linux 7.3.0 I386
- Red_hat linux 7.3.0 I686
- Red_hat linux 8.0.0
- Red_hat linux 8.0.0 I386
- Red_hat linux 8.0.0 I686
- Red_hat linux 9.0.0 I386
- Turbolinux appliance_server 1.0.0 Workgroup Edition
- Turbolinux appliance_server_workgroup_edition 1.0.0
- Turbolinux turbolinux_server 7.0.0
- Turbolinux turbolinux_server 8.0.0
- Turbolinux turbolinux_workstation 7.0.0
- Turbolinux turbolinux_workstation 8.0.0
References