BSD ftpd Single Byte Buffer Overflow

Critical - Nessus Plugin ID 11371

Synopsis

The remote FTP server is affected by a buffer overflow vulnerability.

Description

The remote FTP daemon contains a flaw in the 'replydirname()' function that allows an attacker to write a null byte beyond the boundaries of the local buffer. An attacker can exploit this to gain root access.

Solution

Apply the fix from the references listed under See Also.

See Also

http://www.openbsd.org/advisories/ftpd_replydirname.txt

ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/005_ftpd.patch

Plugin Details

Severity: Critical

ID: 11371

File Name: ftpd_1byte_overflow.nasl

Version: 1.26

Type: remote

Family: FTP

Published: 3/13/2003

Updated: 10/28/2020

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport, ftp/login, ftp/writeable_dir

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/18/2000

Reference Information

CVE: CVE-2001-0053

BID: 2124