SlimFTPd Multiple Command Handling Overflow

high Nessus Plugin ID 15704

Synopsis

The remote FTP server is prone to multiple buffer overflow attacks.

Description

The remote host appears to be using SlimFTPd, a free, small, standards-compliant FTP server for Windows.

According to its banner, the version of SlimFTPd installed on the remote host is prone to one or more buffer overflow attacks that can lead to arbitrary code execution.

Note that successful exploitation of either of these flaws requires an attacker first authenticate.

Solution

Upgrade to SlimFTPd version 3.17 or later.

See Also

https://seclists.org/fulldisclosure/2004/Nov/333

https://seclists.org/bugtraq/2005/Jul/346

Plugin Details

Severity: High

ID: 15704

File Name: slimftpd_overflow.nasl

Version: 1.17

Type: remote

Family: FTP

Published: 11/13/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/10/2004

Exploitable With

Core Impact

Metasploit (SlimFTPd LIST Concatenation Overflow)

Reference Information

CVE: CVE-2004-2418, CVE-2005-2373

BID: 11645, 14339