Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1864 |
| Message | FTP SITE NEWER attempt |
| Summary | This event is generated when an attempt is made to enter the "SITE NEWER" command on an FTP server. |
| Impact | Denial of Service. Possible execution of arbitrary code is possible. |
| Detailed Information | When issued the "SITE NEWER" command, some versions of wu-ftpd can consume excessive ammounts of memory whichthen can effectively act as a denial of service to the entire system. If a user can create files on the system, it may be possible to execute code as the user running the ftpd daemon, typically root. |
| Affected Systems | wu-ftpd versions prior to and including 2.4.2. |
| Attack Scenarios | An attacker might be trying to DoS the system, and it could lead to arbitrary code execution with root privileges. |
| Ease of Attack | Medium |
| Corrective Action | Upgrade the wu-ftpd service |
| Additional References | Nessus: http://cgi.nessus.org/plugins/dump.php3?id=10319 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0880 |
| Rule References | cve: 1999-0880 nessus: 10319 |
--
DID:317497
--
http://www.aanval.com/