Lucene search
This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.SLIMFTPD_OVERFLOW.NASLHistoryNov 13, 2004 - 12:00 a.m.
SlimFTPd Multiple Command Handling Overflow
2004-11-1300:00:00
This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
www.tenable.com
22
The remote host appears to be using SlimFTPd, a free, small, standards-compliant FTP server for Windows.
According to its banner, the version of SlimFTPd installed on the remote host is prone to one or more buffer overflow attacks that can lead to arbitrary code execution.
Note that successful exploitation of either of these flaws requires an attacker first authenticate.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if(description)
{
script_id(15704);
script_version("1.17");
script_cvs_date("Date: 2018/11/15 20:50:22");
script_cve_id("CVE-2004-2418", "CVE-2005-2373");
script_bugtraq_id(11645, 14339);
script_name(english:"SlimFTPd Multiple Command Handling Overflow");
script_summary(english:"Checks version in the banner");
script_set_attribute(
attribute:"synopsis",
value:"The remote FTP server is prone to multiple buffer overflow attacks."
);
script_set_attribute(
attribute:"description",
value:
"The remote host appears to be using SlimFTPd, a free, small,
standards-compliant FTP server for Windows.
According to its banner, the version of SlimFTPd installed on the
remote host is prone to one or more buffer overflow attacks that can
lead to arbitrary code execution.
Note that successful exploitation of either of these flaws requires an
attacker first authenticate."
);
script_set_attribute(
attribute:"see_also",
value:"https://seclists.org/fulldisclosure/2004/Nov/333"
);
script_set_attribute(
attribute:"see_also",
value:"https://seclists.org/bugtraq/2005/Jul/346"
);
script_set_attribute(
attribute:"solution",
value:"Upgrade to SlimFTPd version 3.17 or later."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'SlimFTPd LIST Concatenation Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value: "2004/11/13");
script_set_attribute(attribute:"vuln_publication_date", value: "2004/11/10");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
script_family(english:"FTP");
script_dependencie("ftpserver_detect_type_nd_version.nasl");
script_require_ports("Services/ftp", 21);
exit(0);
}
include("ftp_func.inc");
port = get_ftp_port(default: 21);
banner = get_ftp_banner(port:port);
if ( ! banner ) exit(1);
# There's a problem if...
if (
# The version in the banner is <= 3.16 or...
egrep(string:banner, pattern:"^220-SlimFTPd ([0-2]\.|3\.1[0-6][^0-9])")
) {
security_hole(port);
}
Related
cve
cve
CVE-2004-2418
2004-12-31 05:00:00
CVE-2005-2373
2005-07-26 04:00:00
checkpoint_advisories
checkpoint_advisories
SlimFTPd LIST Command Buffer Overflow (CVE-2005-2373)
2014-11-17 00:00:00
packetstorm
packetstorm
SlimFTPd LIST Concatenation Overflow
2009-11-26 00:00:00
Related for SLIMFTPD_OVERFLOW.NASL