Signature Detail

FTP: Command NOOP Sled Overflow

This signature detects attempts to exploit buffer overflow vulnerabilities against multiple FTP servers. Attackers can send long strings of NOOPs to overwrite the return address and gain control of the affected system. A successful attack can lead to arbitrary code execution.

Extended Description

A buffer overflow vulnerability has been confirmed in version 1.0.13 of Max-Wilhelm Bruker's FTP server BFTPD. The program fails to properly validate user-supplied input argumenting the SITE CHOWN command. An attacker could send a maliciously-formed string of characters following this command which exceeds the maximum length of the input buffer. The values stored in this buffer can overflow onto the stack, potentially overwriting the calling functions' return address with values that can alter the program's flow of execution. This could result in a remote attacker gaining root access on the target host.

Affected Products

• Max-wilhelm_bruker bftpd 1.0.13

References

• BugTraq: 2120
• BugTraq: 48704
• BugTraq: 49444
• BugTraq: 49427
• CVE: CVE-2001-0065
• URL: http://archives.neohapsis.com/archives/bugtraq/2000-12/0189.html