HP-UX ftpd glob() Expansion STAT Buffer Overflow

critical Nessus Plugin ID 11372

Synopsis

The remote FTP server is affected by a buffer overflow vulnerability.

Description

The remote HPUX 11 FTP server is affected by a buffer overflow vulnerability. The overflow occurs when the STAT command is issued with an argument that expands into an oversized string after being processed by the 'glob()' function.

Solution

Apply the patch from your vendor.

See Also

http://www.nessus.org/u?91e769e0

Plugin Details

Severity: Critical

ID: 11372

File Name: hpftp_glob_stat.nasl

Version: 1.29

Type: remote

Family: FTP

Published: 3/13/2003

Updated: 10/10/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2001-0248

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: ftp/login, ftp/writeable_dir

Exploit Ease: No known exploits are available

Patch Publication Date: 9/10/2002

Vulnerability Publication Date: 4/9/2001

Reference Information

CVE: CVE-2001-0248

BID: 2552

CERT-CC: CA-2001-07