WarFTPd CWD/MKD Command Overflow

medium Nessus Plugin ID 11205

Synopsis

The remote FTP service is prone to a buffer overflow attack.

Description

The version of the War FTP Daemon running on this host is vulnerable to a buffer overflow attack. This is due to improper bounds checking within the code that handles both the CWD and MKD commands. By exploiting this vulnerability, it is possible to crash the server.

Solution

Upgrade to WarFTPd version 1.67-4 or later.

See Also

https://seclists.org/bugtraq/2000/Feb/44

https://seclists.org/bugtraq/2000/Feb/71

Plugin Details

Severity: Medium

ID: 11205

File Name: DDI_warftpd_cwd_overflow.nasl

Version: 1.17

Type: remote

Family: FTP

Published: 1/22/2003

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2/3/2000

Reference Information

CVE: CVE-2000-0131

BID: 966