Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1920 |
| Message | FTP SITE NEWER overflow attempt |
| Summary | This event is generated when an attempt is made to exploit a vulnerability associated with the FTP SITE NEWER command that may cause a denial of service or allow the upload of executable files. |
| Impact | Remote access or denial of service. A successful attack can cause a denial of service or allow the upload of executable files on the vulnerable FTP server. |
| Detailed Information | This event is generated when an attempt is made to exploit a vulnerability associated with the WU-FTP server version of the SITE NEWER command. It is possible to cause a denial of service attack that consumes memory or upload files to execute arbitrary commands with the privileges of the process running the FTP server. |
| Affected Systems | Hosts running WU-FTPD 2.5.0. |
| Attack Scenarios | An attacker can cause a denial of service or upload files to execute arbitrary commands on the vulnerable FTP server. |
| Ease of Attack | Difficult. No known exploits available. |
| Corrective Action | Upgrade to the latest non-affected version of the software. |
| Additional References | Bugtraq: http://www.securityfocus.com/bid/737 |
| Rule References | bugtraq: 229 cve: 1999-0800 |
--
DID:439515
--
http://www.aanval.com/