Multiple FTPD glob Command Arbitrary Command Execution

critical Nessus Plugin ID 10821

Synopsis

The remote ftp server is affected by a remote code execution vulnerability.

Description

The FTPD glob vulnerability manifests itself in handling the glob command. The problem is not a typical buffer overflow or format string vulnerability, but a combination of two bugs - an implementation of the glob command that does not properly return an error condition when interpreting the string 'bracket', and then frees memory which may contain user-supplied data.

An attacker who is able to log in to a vulnerable server, including users with anonymous access, can exploit this to execute arbitrary code with the privileges of the FTP service.

Solution

Contact your vendor for a fix.

See Also

http://www.nessus.org/u?0332633c

https://seclists.org/bugtraq/2001/Nov/237

https://seclists.org/bugtraq/2001/Nov/258

Plugin Details

Severity: Critical

ID: 10821

File Name: ftpglob.nasl

Version: 1.56

Type: remote

Family: FTP

Published: 12/6/2001

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2001-0249

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/9/2001

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2001-0249, CVE-2001-0550

BID: 2550, 3581