Max-Wilhelm Bruker bftpd Buffer Overflow Vulnerability

Bugtraq ID:	2120
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Dec 13 2000 12:00AM
Updated:	Dec 13 2000 12:00AM
Credit:	Reported to bugtraq by BAILLEUX Christophe <[email protected]> on Wed, 13 Dec 2000.
Vulnerable:	Max-Wilhelm Bruker bftpd 1.0.13 - BSDI BSD/OS 4.0.1 - BSDI BSD/OS 4.0 - BSDI BSD/OS 3.1 - Corel Linux OS 1.0 - Debian Linux 2.3 - Debian Linux 2.2 - FreeBSD FreeBSD 5.0 - FreeBSD FreeBSD 4.1.1 - FreeBSD FreeBSD 4.1 - Mandriva Linux Mandrake 7.1 - Mandriva Linux Mandrake 7.0 - NetBSD NetBSD 1.4.2 - OpenBSD OpenBSD 2.8 - Redhat Linux 7.0 - Redhat Linux 6.2 i386 - Redhat Linux 6.1 i386 - Sun Solaris 8_x86 - Sun Solaris 7.0_x86 - SuSE Linux 7.0 - SuSE Linux 6.4
Not Vulnerable:

Max-Wilhelm Bruker bftpd Buffer Overflow Vulnerability

A buffer overflow vulnerability has been confirmed in version 1.0.13 of Max-Wilhelm Bruker's FTP server BFTPD.

The program fails to properly validate user-supplied input argumenting the SITE CHOWN command.

An attacker could send a maliciously-formed string of characters following this command which exceeds the maximum length of the input buffer.

The values stored in this buffer can overflow onto the stack, potentially overwriting the calling functions' return address with values that can alter the program's flow of execution. This could result in a remote attacker gaining root access on the target host.

Max-Wilhelm Bruker bftpd Buffer Overflow Vulnerability

Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Max-Wilhelm Bruker bftpd Buffer Overflow Vulnerability

References: