Short Name |
FTP:COMMAND:SITE-CMD-INJ |
---|---|
Severity |
Critical |
Recommended |
No |
Category |
FTP |
Keywords |
SITE Command Arbitrary Command Injection |
Release Date |
2006/04/19 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects a maliciously crafted SITE request transmission to an FTP server. Such a request can be designed to execute arbitrary commands on a server hosting a FTP daemon. Commands are executed with the FTP service permissions.
The 'wzdftpd' utility is affected by a remote arbitrary command-execution vulnerability. This issue can allow an attacker to execute commands in the context of an affected server and potentially gain unauthorized access. Version 0.5.4 of wzdftpd is reported to be vulnerable. Other versions may be affected as well.