Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.COREFTP_2_2_1769.NASL
HistoryApr 03, 2013 - 12:00 a.m.

Core FTP < 2.2 build 1769 Multiple Buffer Overflows

2013-04-0300:00:00
This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
42

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.5%

JSON

The version of Core FTP installed on the remote host is prior to 2.2 build 1769 (2.2.1768.0). It is, therefore, affected by multiple buffer overflow vulnerabilities because user-supplied input is not properly validated when handling directory names. A remote attacker could potentially exploit this issue with specially crafted directory names, resulting in a denial of service or code execution subject to the user’s privileges.

Note that the fix for this issue is version 2.2 Build 1769 while the actual file version is 2.2.1768.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(65789);
  script_version("1.4");
  script_cvs_date("Date: 2019/11/27");

  script_cve_id("CVE-2013-0130");
  script_bugtraq_id(58634);
  script_xref(name:"CERT", value:"370868");

  script_name(english:"Core FTP < 2.2 build 1769 Multiple Buffer Overflows");
  script_summary(english:"Checks version of Core FTP");

  script_set_attribute(attribute:"synopsis", value:
"An FTP client on the remote host is affected by multiple buffer
overflow vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Core FTP installed on the remote host is prior to 2.2
build 1769 (2.2.1768.0).  It is, therefore, affected by multiple buffer
overflow vulnerabilities because user-supplied input is not properly
validated when handling directory names.  A remote attacker could
potentially exploit this issue with specially crafted directory names,
resulting in a denial of service or code execution subject to the user's
privileges. 

Note that the fix for this issue is version 2.2 Build 1769 while the
actual file version is 2.2.1768.");
  script_set_attribute(attribute:"see_also", value:"http://coreftp.com/forums/viewtopic.php?t=137481");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Core FTP 2.2 build 1769 (2.2.1768.0) or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0130");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:coreftp:coreftp");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("coreftp_stack_overflow.nasl");
  script_require_keys("SMB/CoreFTP/Installed");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

appname = 'Core FTP';
kb_base = "SMB/CoreFTP/";

path = get_kb_item_or_exit(kb_base + "Path");
version = get_kb_item_or_exit(kb_base + "Version");

# nb: While the build is 2.2.1769, the actual file version is 2.2.1768.
fix = "2.2.1768.0";

if (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    report = '\n  File              : ' + path + "coreftp.exe" +
             '\n  Installed version : ' + version +
             '\n  Fixed version     : ' + fix + '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);
VendorProductVersionCPE
coreftpcoreftpcpe:/a:coreftp:coreftp

Related

prion 1
cvelist 1
cve 1
nvd 1
cert 1
prion
prion
Buffer overflow
2013-03-29 17:42:00
cvelist
cvelist
CVE-2013-0130
2022-10-03 16:15:03
cve
cve
CVE-2013-0130
2022-10-03 16:15:03
nvd
nvd
CVE-2013-0130
2013-03-29 17:42:29
cert
cert
CoreFTP contains a buffer overflow vulnerability
2013-03-21 00:00:00

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.5%

JSON
Related for COREFTP_2_2_1769.NASL
prion1cvelist1cve1nvd1cert1