Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1921 |
| Message | FTP SITE ZIPCHK overflow attempt |
| Summary | This event is generated when an attempt is made to exploit a vulnerability associated with the GlFtpd ZIPCHK command that may permit the execution of arbitrary commands with the privileges of the process running GlFtpd. |
| Impact | Remote access. A successful attack may permit the execution of arbitrary commands with the privileges of GlFtpd on the vulnerable server. |
| Detailed Information | This event is generated when an attempt is made to exploit a vulnerability associated with the ZIPCHK command of the GlFtpd server. GlFtpd provides FTP software for UNIX hosts. The ZIPCHK command supplies integrity checking of a downloaded ZIP file. The file name supplied with the ZIPCHK is not scrutinized to determine if it is a valid name. An attacker can supply a UNIX command with the character ";" in the argument to the ZIPCHK command, causing the execution of the command with the privileges of the process running GlFtpd. |
| Affected Systems | Hosts running GlFtpd 1.17.2. |
| Attack Scenarios | An attacker can remotely execute arbitrary commands on the vulnerable server. |
| Ease of Attack | Simple. |
| Corrective Action | Upgrade to the latest non-affected version of the software. |
| Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0040 |
| Rule References | cve: 2000-0040 |
--
DID:380855
--
http://www.aanval.com/