BSD Based FTP Server Multiple glob Function Remote Overflow

This script is Copyright (C) 2001-2013 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by a buffer overflow vulnerability.

Description :

It was possible to make the remote FTP server crash by creating a huge
directory structure and then attempting to list it using wildcards.
This is usually known as the 'ftp glob overflow' attack. It may be
possible to exploit this to execute arbitrary code.

See also :

http://archives.neohapsis.com/archives/freebsd/2001-04/0466.html
ftp://patches.sgi.com/support/free/security/advisories/20010802-01-P
http://www.openbsd.org/errata28.html#glob_limit

Solution :

Upgrade to the latest version of your FTP software.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 10648 (ftp_glob_overflow.nasl)

Bugtraq ID: 2548

CVE ID: CVE-2001-0247