Vulnerabilities > CVE-2001-0770 - Unspecified vulnerability in Steve Poulsen Guildftpd 0.97

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
steve-poulsen
nessus
NVD
Published: 2001-10-18
Updated: 2024-11-20

Summary

Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to execute arbitrary code via a long SITE command.

Vulnerable Configurations

Part Description Count
Application
Steve_Poulsen
1

Nessus

NASL familyFTP
NASL idGUILDFTPD_SITE_CMD_OVERFLOW.NASL
descriptionThe remote ftp server seems to be vulnerable to a denial of service attack through the SITE command when handling specially long requests. An attacker can exploit this flaw in order to crash the affected service or possibly execute arbitrary code.
last seen2020-06-01
modified2020-06-02
plugin id15851
published2004-11-30
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/15851
titleGuildFTPd Long SITE Command Overflow
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(15851);
 script_version("1.19");

 script_cve_id("CVE-2001-0770");
 script_bugtraq_id(2782);

 script_name(english:"GuildFTPd Long SITE Command Overflow");
 script_summary(english:"Sends an oversized SITE command to the remote server");

 script_set_attribute(attribute:"synopsis", value:
"The remote FTP server is vulnerable to a buffer overflow attack." );
 script_set_attribute(attribute:"description", value:
"The remote ftp server seems to be vulnerable to a denial of service
attack through the SITE command when handling specially long requests. 
An attacker can exploit this flaw in order to crash the affected
service or possibly execute arbitrary code." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2001/May/250" );
 script_set_attribute(attribute:"solution", value:
"There is no known solution at this time." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/11/30");
 script_set_attribute(attribute:"vuln_publication_date", value: "2001/05/27");
 script_cvs_date("Date: 2018/11/15 20:50:22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
 script_category(ACT_DENIAL);
  
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"FTP");
 script_dependencie("ftpserver_detect_type_nd_version.nasl", "ftp_anonymous.nasl");
 script_require_keys("ftp/login");
 script_require_ports("Services/ftp", 21);
 exit(0);
}

#
# da code
#

include("global_settings.inc");
include("misc_func.inc");
include("ftp_func.inc");

login = get_kb_item_or_exit("ftp/login");
password = get_kb_item("ftp/password");

port = get_ftp_port(default: 21);

 banner = get_ftp_banner(port:port);
 if ( ! banner || "GuildFTP" >!< banner ) exit(0);

soc = open_sock_tcp(port);
if (!soc) exit(1);

  if(ftp_authenticate(socket:soc, user:login,pass:password))
  {
   data = strcat('SITE ', crap(262), '\r\n');
   send(socket:soc, data:data);
   reply = ftp_recv_line(socket:soc);
   sleep(1);
   if (service_is_dead(port: port) > 0)
     security_hole(port);
  }
ftp_close(socket: soc);

References