Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 FTP:LUKEMFTP:URG-RELOGIN

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 FTP

Keywords

 Lukemftp URG Relogin

Release Date

 2004/08/18

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+

FTP: Lukemftp URG Relogin


This signature detects attempts to exploit a known vulnerability in the lukemftpd FTP server, also known as tnftpd. By sending carefully timed TCP packets with the URG pointer set, followed by a packet with login credentials, attackers can exploit a logic flaw and potentially gain remote root access.

Extended Description

It is reported that TNFTPD is susceptible to multiple remote superuser compromise vulnerabilities. These vulnerabilities are all derived from improper signal handler operations. Signals can be delivered to the vulnerable FTPD by a remote attacker via out-of-band TCP data (OOB). These vulnerabilities may allow an anonymous remote attacker to gain superuser privileges on computer hosting the affected software. TNFTPD versions prior to 10 Aug 2004 are reported vulnerable. All versions of Lukemftpd are reported vulnerable. NetBSD version 1.6.2 and prior, NetBSD-2.0 prior to 15 Aug 2004, as well as NetBSD-current prior to 10 Aug 2004 are reported vulnerable as well.

Affected Products

  • Apple mac_os_x 10.2.8
  • Apple mac_os_x 10.3.4
  • Apple mac_os_x 10.3.5
  • Apple mac_os_x_server 10.2.8
  • Apple mac_os_x_server 10.3.4
  • Apple mac_os_x_server 10.3.5
  • Gentoo linux 1.4.0
  • Heimdal heimdal 0.3.0 f
  • Heimdal heimdal 0.4.0 a
  • Heimdal heimdal 0.4.0 b
  • Heimdal heimdal 0.4.0 c
  • Heimdal heimdal 0.4.0 d
  • Heimdal heimdal 0.4.0 e
  • Heimdal heimdal 0.5.0 .0
  • Heimdal heimdal 0.5.1
  • Heimdal heimdal 0.5.2
  • Heimdal heimdal 0.5.3
  • Heimdal heimdal 0.6.0
  • Heimdal heimdal 0.6.1
  • Heimdal heimdal 0.6.2
  • Luke_mewburn lukemftp 1.1.0
  • Luke_mewburn lukemftp 1.5.0
  • Luke_mewburn tnftpd 20031217
  • Netbsd netbsd 1.3.0
  • Netbsd netbsd 1.3.1
  • Netbsd netbsd 1.3.2
  • Netbsd netbsd 1.3.3
  • Netbsd netbsd 1.4.0
  • Netbsd netbsd 1.4.0 Alpha
  • Netbsd netbsd 1.4.0 arm32
  • Netbsd netbsd 1.4.0 SPARC
  • Netbsd netbsd 1.4.0 x86
  • Netbsd netbsd 1.4.1
  • Netbsd netbsd 1.4.1 Alpha
  • Netbsd netbsd 1.4.1 arm32
  • Netbsd netbsd 1.4.1 sh3
  • Netbsd netbsd 1.4.1 SPARC
  • Netbsd netbsd 1.4.1 x86
  • Netbsd netbsd 1.4.2
  • Netbsd netbsd 1.4.2 Alpha
  • Netbsd netbsd 1.4.2 arm32
  • Netbsd netbsd 1.4.2 SPARC
  • Netbsd netbsd 1.4.2 x86
  • Netbsd netbsd 1.4.3
  • Netbsd netbsd 1.5.0
  • Netbsd netbsd 1.5.0 Sh3
  • Netbsd netbsd 1.5.0 X86
  • Netbsd netbsd 1.5.1
  • Netbsd netbsd 1.5.2
  • Netbsd netbsd 1.5.3
  • Netbsd netbsd 1.6.0
  • Netbsd netbsd 1.6.0 Beta
  • Netbsd netbsd 1.6.1
  • Netbsd netbsd 1.6.2
  • Netbsd netbsd 2.0.0
  • Netbsd netbsd Current
  • Sun java_desktop_system_(jds) 2.0.0
  • Sun java_desktop_system_(jds) 2003

References

  • BugTraq: 10967
  • CVE: CVE-2004-0794
  • URL: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0754.html
  • URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out