WarFTPD Multiple Format String Vulnerabilities
BID:20944
Info
WarFTPD Multiple Format String Vulnerabilities
| Bugtraq ID: | 20944 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-5789 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 07 2006 12:00AM |
| Updated: | Sep 14 2009 11:11PM |
| Credit: | Joxean Koret <[email protected]> is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
War FTP Daemon War FTP Daemon 1.82 RC11 War FTP Daemon War FTP Daemon 1.82.0 RC12 |
| Not Vulnerable: |
War FTP Daemon War FTP Daemon 1.82.0 RC13 |
Discussion
WarFTPD Multiple Format String Vulnerabilities
WarFTPd is prone to multiple remote format-string vulnerabilities because the application fails to sanitize user-supplied input before passing it to a formatted-output function.
An attacker can exploit these issues to crash the server and possibly to execute arbitrary code within the context of the server, but this has not been confirmed.
WarFTPd 1.82.00-RC11 is reported vulnerable; prior versions may be vulnerable as well.
WarFTPd is prone to multiple remote format-string vulnerabilities because the application fails to sanitize user-supplied input before passing it to a formatted-output function.
An attacker can exploit these issues to crash the server and possibly to execute arbitrary code within the context of the server, but this has not been confirmed.
WarFTPd 1.82.00-RC11 is reported vulnerable; prior versions may be vulnerable as well.
Exploit / POC
WarFTPD Multiple Format String Vulnerabilities
The following proof of concept may crash the server:
ftp> cdup %s*256
The following proof of concept may crash the server:
ftp> cdup %s*256
Solution / Fix
WarFTPD Multiple Format String Vulnerabilities
Solution:
Updates are available. Please see the references for details.
War FTP Daemon War FTP Daemon 1.82.0 RC12
War FTP Daemon War FTP Daemon 1.82 RC11
Solution:
Updates are available. Please see the references for details.
War FTP Daemon War FTP Daemon 1.82.0 RC12
-
War FTP Daemon war-ftpd-1.82-RC13-update.zip
http://www.warftp.org/files/1.7_Series/i386/war-ftpd-1.82-RC13-update. zip
War FTP Daemon War FTP Daemon 1.82 RC11
-
War FTP Daemon war-ftpd-1.82-RC13-update.zip
http://www.warftp.org/files/1.7_Series/i386/war-ftpd-1.82-RC13-update. zip
References
WarFTPD Multiple Format String Vulnerabilities
References:
References:
- Vendor Homepage (War FTP Daemon)
- War FTP Daemon Remote Denial Of Service Vulnerability (Jarle Aase
) - WarFTPd 1.82.00-RC11 Remote Denial Of Service (Joxean Koret
)