Juniper Networks

Signature Detail

Short Name: SCAN:MISC:FTP:BSD-FTPD-MKD-OF
Severity: Warning
Recommended: No
Category: SCAN
Keywords: FreeBSD/OpenBSD FTPD mkd Buffer Overflow
Release Date: 2003/04/22
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

SCAN: FreeBSD/OpenBSD FTPD mkd Buffer Overflow


This signature detects attempts to exploit a vulnerability in the FTPD that ships with early versions of FreeBSD 4.x and OpenBSD 2.8. FTPD 6.00LS and 6.5/OpenBSD versions are vulnerable. Successful exploitation can allow an attacker to gain local host access and root permissions.

Extended Description

The BSD ftp daemon and its derivatives (such as IRIX ftpd or the ftp daemon shipped with Kerberos 5) contain a number of buffer overflows that may allow malicious users to gain root access. During parsing, the ftp daemon assumes that user-supplied data can never exceed 512 bytes, because that is usually how much data is read from a socket. Because of this assumption, certain memory copy operations on user data lack bounds checking. Users can supply metacharacters that glob() expands into longer file and path names, which makes these unchecked copies overflow. To do so, the attacker's ftp account must be able to create directories, or directories with long enough names must already exist. An attacker who successfully exploits this vulnerability gains root access on the target host.
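
The length mismatch described above, as an added example (not code from BSD ftpd or from Juniper): a wildcard pattern well under 512 bytes expands through glob() to a path longer than 512 bytes, and a size-checked copy rejects it instead of writing past the buffer. The directory fixture, the names copy_bounded and glob_expansion_demo, and the CMD_MAX constant are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L /* for mkdtemp() */
#include <glob.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define CMD_MAX 512  /* input size the daemon assumed was the maximum */
#define DEPTH 3      /* constructed fixture: 3 nested directories ... */
#define NAME_LEN 200 /* ... each with a 200-byte name */

/* Bounded copy: 0 on success, -1 when src plus its NUL does not fit in dst. */
int copy_bounded(char *dst, size_t dstlen, const char *src) {
    size_t n = strlen(src);
    if (n >= dstlen) return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Expands a short pattern over the fixture; returns the copy verdict, 1 on setup failure. */
int glob_expansion_demo(size_t *pattern_len, size_t *expanded_len) {
    char base[] = "/tmp/globdemoXXXXXX", name[NAME_LEN + 1] = {0};
    char paths[DEPTH][1024], pattern[64], dst[CMD_MAX];
    glob_t g;
    int i, made = 0, rc = 1;
    memset(name, 'A', NAME_LEN);
    if (!mkdtemp(base)) return 1;
    for (i = 0; i < DEPTH; i++) {
        snprintf(paths[i], sizeof paths[i], "%s/%s", i ? paths[i - 1] : base, name);
        if (mkdir(paths[i], 0700) != 0) break;
        made++;
    }
    snprintf(pattern, sizeof pattern, "%s/*/*/*", base);
    if (made == DEPTH && glob(pattern, 0, NULL, &g) == 0) {
        *pattern_len = strlen(pattern);        /* what arrived on the socket */
        *expanded_len = strlen(g.gl_pathv[0]); /* what the copy actually sees */
        rc = copy_bounded(dst, sizeof dst, g.gl_pathv[0]);
        globfree(&g);
    }
    while (made-- > 0) rmdir(paths[made]); /* remove fixture, deepest first */
    rmdir(base);
    return rc;
}

int main(void) {
    size_t p = 0, e = 0;
    int rc = glob_expansion_demo(&p, &e);
    printf("pattern=%zu expanded=%zu verdict=%d\n", p, e, rc);
    return rc == -1 ? 0 : 1;
}
```

The check belongs at every copy of post-expansion data, since the size of the original command says nothing about the size of what glob() returns.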

Affected Products

  • Compaq tru64 4.0.0 f
  • Compaq tru64 4.0.0 f PK6 (BL17)
  • Compaq tru64 4.0.0 f PK7 (BL18)
  • Compaq tru64 4.0.0 g
  • Compaq tru64 4.0.0 g PK3 (BL17)
  • Compaq tru64 5.0.0
  • Compaq tru64 5.0.0 a
  • Compaq tru64 5.0.0 a PK3 (BL17)
  • Compaq tru64 5.0.0 f
  • Compaq tru64 5.0.0 PK4 (BL17)
  • Compaq tru64 5.0.0 PK4 (BL18)
  • Compaq tru64 5.1.0
  • Compaq tru64 5.1.0 a
  • Compaq tru64 5.1.0 a PK1 (BL1)
  • Compaq tru64 5.1.0 PK3 (BL17)
  • Compaq tru64 5.1.0 PK4 (BL18)
  • Freebsd freebsd 2.2.0
  • Freebsd freebsd 2.2.2
  • Freebsd freebsd 2.2.3
  • Freebsd freebsd 2.2.4
  • Freebsd freebsd 2.2.5
  • Freebsd freebsd 2.2.6
  • Freebsd freebsd 2.2.8
  • Freebsd freebsd 3.0.0
  • Freebsd freebsd 3.1.0
  • Freebsd freebsd 3.2.0
  • Freebsd freebsd 3.3.0
  • Freebsd freebsd 3.4.0
  • Freebsd freebsd 3.5.0
  • Freebsd freebsd 3.5.1
  • Freebsd freebsd 4.0.0
  • Freebsd freebsd 4.1.0
  • Freebsd freebsd 4.1.1
  • Freebsd freebsd 4.2.0
  • Mit kerberos_5 1.1.1
  • Mit kerberos_5 1.2.0
  • Mit kerberos_5 1.2.1
  • Mit kerberos_5 1.2.2
  • Netbsd netbsd 1.2.1
  • Netbsd netbsd 1.3.0
  • Netbsd netbsd 1.3.1
  • Netbsd netbsd 1.3.2
  • Netbsd netbsd 1.3.3
  • Netbsd netbsd 1.4.0
  • Netbsd netbsd 1.4.1
  • Netbsd netbsd 1.4.2
  • Netbsd netbsd 1.4.3
  • Netbsd netbsd 1.5.0
  • Openbsd openbsd 2.3.0
  • Openbsd openbsd 2.4.0
  • Openbsd openbsd 2.5.0
  • Openbsd openbsd 2.6.0
  • Openbsd openbsd 2.7.0
  • Openbsd openbsd 2.8.0
  • Sgi irix 6.1.0
  • Sgi irix 6.5.0
  • Sgi irix 6.5.1
  • Sgi irix 6.5.10
  • Sgi irix 6.5.11
  • Sgi irix 6.5.2 m
  • Sgi irix 6.5.3
  • Sgi irix 6.5.3 f
  • Sgi irix 6.5.3 m
  • Sgi irix 6.5.4
  • Sgi irix 6.5.5
  • Sgi irix 6.5.6
  • Sgi irix 6.5.7
  • Sgi irix 6.5.8

References

  • BugTraq: 2548
  • CERT: CA-2001-07
  • CVE: CVE-2001-0247
