BSD Based FTP Server Multiple glob Function Remote Overflow

This script is Copyright (C) 2001-2013 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by a buffer overflow vulnerability.

Description :

It was possible to make the remote FTP server crash by creating a huge
directory structure and then attempting to list it using wildcards.
This is usually known as the 'ftp glob overflow' attack. It may be
possible to exploit this to execute arbitrary code.

See also :

http://archives.neohapsis.com/archives/freebsd/2001-04/0466.html
ftp://patches.sgi.com/support/free/security/advisories/20010802-01-P
http://www.openbsd.org/errata28.html#glob_limit

Solution :

Upgrade to the latest version of your FTP software.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 10648 (ftp_glob_overflow.nasl)

Bugtraq ID: 2548

CVE ID: CVE-2001-0247
