Family: FTP --> Category: mixed
FTPD glob Heap Corruption Vulnerability Scan
Vulnerability Scan Summary: Check if the remote FTPD is vulnerable to a glob heap corruption vulnerability
Detailed Explanation for this Vulnerability Test
The FTPD glob vulnerability manifests itself in the handling of the glob command.
The problem is not a typical buffer overflow or format string vulnerability,
but a combination of two bugs: the implementation of the glob command does not
properly return an error condition when interpreting the string ~{,
and the server then frees memory which may contain user-supplied data. This
vulnerability is potentially exploitable by any user who is able to log in to
a vulnerable server, including users with anonymous access. If successful, an
attacker may be able to execute arbitrary code with the rights of FTPD,
typically root.
Solution: Contact your vendor for a fix
Threat Level: High