FreeBSD : tnftpd -- remotely exploitable vulnerability (c4b025bb-f05d-11d8-9837-000c41e2cdad)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

lukemftpd(8) is an enhanced BSD FTP server produced within the NetBSD
project. The sources for lukemftpd are shipped with some versions of
FreeBSD, however it is not built or installed by default. The build
system option WANT_LUKEMFTPD must be set to build and install
lukemftpd. [NOTE: An exception is FreeBSD 4.7-RELEASE, wherein
lukemftpd was installed, but not enabled, by default.]

Przemyslaw Frasunek discovered several vulnerabilities in lukemftpd
arising from races in the out-of-band signal handling code used to
implement the ABOR command. As a result of these races, the internal
state of the FTP server may be manipulated in unexpected ways.

A remote attacker may be able to cause FTP commands to be executed
with the privileges of the running lukemftpd process. This may be a
low-privilege `ftp' user if the `-r' command line option is specified,
or it may be superuser privileges if `-r' is *not* specified.

See also :

http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpd.c#rev1.158
http://www.nessus.org/u?f8313496
http://www.nessus.org/u?0167350a
http://www.nessus.org/u?8f143a77

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 36240 (freebsd_pkg_c4b025bbf05d11d89837000c41e2cdad.nasl)

Bugtraq ID: 10967

CVE ID: CVE-2004-0794

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now