Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
FTP:WU-FTP:SETPROCTITLE |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
FTP |
Keywords |
WU-FTPD Setproctitle() Format String |
Release Date |
2003/04/23 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
FTP: WU-FTPD Setproctitle() Format String
This signature detects an attempt to exploit a ftp daemon by submitting a malicious SITE request containing format string characters. Successful exploitation can allow an attacker to execute arbitrary code with user privileges running the ftp daemon.
Extended Description
A number of ftp daemons, including versions of wu-ftpd, OpenBSD ftpd (ports of this package are distributed with some Linux distributions), HP-UX ftpd, and proftpd, have a vulnerability caused by the passing of user input to the set_proc_title() function. This function in turn calls setproctitle() after using this user data to generate a buffer to pass to setproctitle. setproctitle is defined as setproctitle(char *fmt, ...). The buffer created is passed as the format argument to setproctitle. setproctitle will make a call to the vsnprintf() call, taking the buffer passed as the format string. By carefully manipulating the contents of this buffer, a remote user can cause values on the stack to be overwritten, and potentially cause arbitrary code to be executed as root.
Affected Products
- Debian linux 2.1.0
- Debian linux 2.2.0
- Freebsd freebsd 1.1.5 .1
- Freebsd freebsd 2.0.0
- Freebsd freebsd 2.0.5
- Freebsd freebsd 2.1.0
- Freebsd freebsd 2.1.5
- Freebsd freebsd 2.1.6
- Freebsd freebsd 2.1.6 .1
- Freebsd freebsd 2.1.7 .1
- Hp hp-ux 10.10.0
- Hp hp-ux 10.20.0
- Hp hp-ux 11.0.0
- Linux ftpd 0.16.0
- Netbsd netbsd 1.0.0
- Netbsd netbsd 1.1.0
- Netbsd netbsd 1.2.0
- Netbsd netbsd 1.2.1
- Netbsd netbsd 1.3.0
- Netbsd netbsd 1.3.1
- Netbsd netbsd 1.3.2
- Netbsd netbsd 1.3.3
- Netbsd netbsd 1.4.0 Alpha
- Netbsd netbsd 1.4.0 arm32
- Netbsd netbsd 1.4.0 SPARC
- Netbsd netbsd 1.4.0 x86
- Netbsd netbsd 1.4.1 Alpha
- Netbsd netbsd 1.4.1 arm32
- Netbsd netbsd 1.4.1 SPARC
- Netbsd netbsd 1.4.1 x86
- Netbsd netbsd 1.4.2 Alpha
- Netbsd netbsd 1.4.2 arm32
- Netbsd netbsd 1.4.2 SPARC
- Netbsd netbsd 1.4.2 x86
- Openbsd openbsd 2.0.0
- Openbsd openbsd 2.1.0
- Openbsd openbsd 2.2.0
- Openbsd openbsd 2.3.0
- Openbsd openbsd 2.4.0
- Openbsd openbsd 2.5.0
- Openbsd openbsd 2.6.0
- Openbsd openbsd 2.7.0
- Opieftpd ftp 1.3.0
- Proftpd_project proftpd 1.2.0 Pre1
- Proftpd_project proftpd 1.2.0 Pre10
- Proftpd_project proftpd 1.2.0 Pre2
- Proftpd_project proftpd 1.2.0 Pre3
- Proftpd_project proftpd 1.2.0 Pre4
- Proftpd_project proftpd 1.2.0 Pre5
- Proftpd_project proftpd 1.2.0 Pre6
- Proftpd_project proftpd 1.2.0 Pre7
- Proftpd_project proftpd 1.2.0 Pre8
- Proftpd_project proftpd 1.2.0 Pre9
- Suse linux 6.0.0
- Suse linux 6.1.0
- Suse linux 6.2.0
- Suse linux 6.3.0
- Suse linux 6.3.0 alpha
- Suse linux 6.3.0 ppc
- Suse linux 6.4.0
- Suse linux 6.4.0 Alpha
- Suse linux 6.4.0 ppc
References