FreeBSD : tnftpd -- remotely exploitable vulnerability (c4b025bb-f05d-11d8-9837-000c41e2cdad)

medium Nessus Plugin ID 36240

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

lukemftpd(8) is an enhanced BSD FTP server produced within the NetBSD project. The sources for lukemftpd are shipped with some versions of FreeBSD, however it is not built or installed by default. The build system option WANT_LUKEMFTPD must be set to build and install lukemftpd. [NOTE: An exception is FreeBSD 4.7-RELEASE, wherein lukemftpd was installed, but not enabled, by default.]

Przemyslaw Frasunek discovered several vulnerabilities in lukemftpd arising from races in the out-of-band signal handling code used to implement the ABOR command. As a result of these races, the internal state of the FTP server may be manipulated in unexpected ways.

A remote attacker may be able to cause FTP commands to be executed with the privileges of the running lukemftpd process. This may be a low-privilege `ftp' user if the `-r' command line option is specified, or it may be superuser privileges if `-r' is *not* specified.

Solution

Update the affected packages.

See Also

http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpd.c#rev1.158

http://www.nessus.org/u?f8313496

http://www.nessus.org/u?141703f6

http://www.nessus.org/u?e66306ed

Plugin Details

Severity: Medium

ID: 36240

File Name: freebsd_pkg_c4b025bbf05d11d89837000c41e2cdad.nasl

Version: 1.15

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:lukemftpd, p-cpe:/a:freebsd:freebsd:tnftpd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/17/2004

Vulnerability Publication Date: 8/17/2004

Reference Information

CVE: CVE-2004-0794

BID: 10967