TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

371

372

373

374

375

376

377

378

379

380

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

374

Signature ID: 6026

Proftpd mkdir buffer overflow Vulnerability

Threat Level: Warning

Industry ID: CVE-1999-0911 Bugtraq: 612 Nessus: 10189,10190

Signature Description: The Proftpd remote FTP server can be crashed by creating a huge directory structure with

directory names not being longer than 255 chars. This is usually called the 'proftpd buffer overflow' even though it

affects other FTP servers. It is very likely that an attacker can use this flaw to execute arbitrary code on the remote

server.Solution is to upgrade the ProFTP server to the new version ProFTPD Project ProFTPD 1.2 pre6.<br>Consider

removing directories writable by 'anonymous'.

Signature ID: 6028

Easy File Sharing FTP Server PASS command Buffer Overflow Vulnerability

Threat Level: Severe

Industry ID: CVE-2006-3952 CVE-2005-2841 Bugtraq: 19243,14770

Signature Description: EFS Software, Easy File Sharing FTP Server 2.0 is vulnerable to a stack-based buffer

overflow,caused by improper bounds checking of PASS commands. By sending an overly long PASS command(more

than 2751 bytes), a remote attacker could overflow a buffer and execute arbitrary code on the system with privileges of

the FTP server process.Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Signature ID: 6029

Wzdftpd SITE Command Arbitrary Command Execution Vulnerability

Threat Level: Severe

Industry ID: CVE-2005-3081 Bugtraq: 14935

Signature Description: WzdFTPD is an open Source free File Transfer Protocol (FTP) server product for Microsoft

Windows and Unix-based operating systems. SITE commands are a server specific extension to the common file

transfer protocol (FTP). These commands can be used to manage and control Wzdftpd remotely. Usually most of the

SITE commands can be used by the admin only so that the administrator can monitor, control the server remotely

without the need for editing configuration files. Wzdftpd version 0.5.4 and possibly other versions could allow a remote

attacker to inject shell commands caused by a vulnerability in SITE command parameters. The vulnerability is due to

the lack of sanitization of the SITE command, sent by the user, before passing it as command line argument. By

including the shell metacharacters, such as the pipe "|" or the semicolon ";" characters, an attacker can inject arbitrary

shell command to the target server. The commands would be executed with the privileges of the FTP server process.

Users are advised to upgrade to newer version.

Signature ID: 6031

Proftpd 1.2.0preN Access Vulnerability

Threat Level: Information

Industry ID: CVE-1999-0368

CVE-1999-0368 Bugtraq: 2242,113,113 Nessus: 10464,10318

Signature Description: ProFTPd versions prior to and including 1.2pre1, as well as wuftpd versions up to

2.4.2academ[BETA-18] and 2.4.2 beta 18 vr9 are vulnerable to a buffer overflow that could result in remote root

access. The user must have the write access and be able to create an unusually long directory or directory structure in

order to exploit this buffer overflow. This rule detects the presence of a vulnerable server. The administrator is advised

to update the server software.proftp resolved this issue with version 1.2.0pre2; a patch is also available for 1.2.0pre1.

Signature ID: 6032

ProFTPd pre6 Buffer Overflow Vulnerability

Threat Level: Warning

Industry ID: CVE-1999-0911 Bugtraq: 612 Nessus: 10191