Test ID: | 1.3.6.1.4.1.25623.1.0.10821 |
Category: | FTP |
Title: | FTPD glob Heap Corruption |
Summary: | The FTPD glob vulnerability manifests itself in handling of the glob command. The problem is not a typical buffer overflow or format string vulnerability, but a combination of two bugs: an implementation of the glob command that does not properly return an error condition when interpreting the string '~{', and then frees memory which may contain user supplied data. This vulnerability is potentially exploitable by any user who is able to log in to a vulnerable server, including users with anonymous access. If successful, an attacker may be able to execute arbitrary code with the privileges of FTPD, typically root. |
Description: | Summary: The FTPD glob vulnerability manifests itself in handling of the glob command. The problem is not a typical buffer overflow or format string vulnerability, but a combination of two bugs: an implementation of the glob command that does not properly return an error condition when interpreting the string '~{', and then frees memory which may contain user supplied data. This vulnerability is potentially exploitable by any user who is able to log in to a vulnerable server, including users with anonymous access. If successful, an attacker may be able to execute arbitrary code with the privileges of FTPD, typically root. Solution: Contact your vendor for a fix. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2001-0249
BugTraq ID: 2550
http://www.securityfocus.com/bid/2550
http://www.cert.org/advisories/CA-2001-07.html
NAI Advisory: 20010409 Globbing Vulnerabilities in Multiple FTP Daemons
http://www.nai.com/research/covert/advisories/048.asp
XForce ISS Database: ftp-glob-expansion(6332)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6332

Common Vulnerability Exposure (CVE) ID: CVE-2001-0550
BugTraq ID: 3581
http://www.securityfocus.com/bid/3581
Bugtraq: 20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability
http://marc.info/?l=bugtraq&m=100700363414799&w=2
http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt
Caldera Security Advisory: CSSA-2001-SCO.36
Caldera Security Advisory: CSSA-2002-SCO.1
http://www.cert.org/advisories/CA-2001-33.html
CERT/CC vulnerability note: VU#886083
http://www.kb.cert.org/vuls/id/886083
Conectiva Linux advisory: CLA-2001:442
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000442
Debian Security Information: DSA-087
http://www.debian.org/security/2001/dsa-087
HPdes Security Advisory: HPSBUX0107-162
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162
Immunix Linux Advisory: IMNX-2001-70-036-01
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01
ISS Security Advisory: 20011129 WU-FTPD Heap Corruption Vulnerability
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3
http://www.redhat.com/support/errata/RHSA-2001-157.html
SuSE Security Announcement: SuSE-SA:2001:043
http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html
http://www.securityfocus.com/archive/82/180823
XForce ISS Database: wuftp-glob-heap-corruption(7611)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7611 |
Copyright | Copyright (C) 2001 EMaze |