Vulnerabilities > CVE-2003-1319 - Buffer Overflow vulnerability in SmartFTP PWD Command Request

047910
CVSS 7.6 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
high complexity
smartftp
nessus

Summary

Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to execute arbitrary code via (1) a long response to a PWD command, which triggers a stack-based overflow, and (2) a long line in a response to a file LIST command, which triggers a heap-based overflow.

Vulnerable Configurations

Part Description Count
Application
Smartftp
1

Nessus

NASL family: Windows
NASL id: SMARTFTP_OVERFLOW.NASL
description: The remote host is running SmartFTP - an FTP client. There is a flaw in the remote version of this software that could allow an attacker to execute arbitrary code on this host. To exploit it, an attacker would need to set up a rogue FTP server and have a user on this host connect to it.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11709
published: 2003-06-10
reporter: This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/11709
title: SmartFTP Multiple Command Response Overflow
code
#
# (C) Tenable Network Security, Inc.
#

# Ref: 
#
# Date: Mon, 09 Jun 2003 12:19:40 +0900
# From: ":: Operash ::" <[email protected]>
# To: [email protected]
# Subject: [SmartFTP] Two Buffer Overflow Vulnerabilities
#

include("compat.inc");

# Registration branch: when `description` is set, the script only declares
# the metadata below and leaves through the exit(0) at the end of this block,
# so none of the version-check code after it runs.
if(description)
{
 # Plugin identity and the advisories it tracks (one CVE, two Bugtraq IDs).
 script_id(11709);
 script_version("1.21");
 script_cve_id("CVE-2003-1319");
 script_bugtraq_id(7858, 7861);

 script_name(english:"SmartFTP Multiple Command Response Overflow");

 script_set_attribute(attribute:"synopsis", value:
"It is possible to execute arbitrary code on the remote host through a
remote FTP client." );
 # Client-side issue: per the text below, the vulnerable FTP client has to
 # connect to a server the attacker controls.
 script_set_attribute(attribute:"description", value:
"The remote host is running SmartFTP - an FTP client.

There is a flaw in the remote version of this software that could allow an 
attacker to execute arbitrary code on this host.

To exploit it, an attacker would need to set up a rogue FTP server and have 
a user on this host connect to it." );
 # NOTE(review): this text names 1.0.976.x as the fixed release; confirm it
 # agrees with the fix string the version comparison in this script uses.
 script_set_attribute(attribute:"solution", value:
"Upgrade to version 1.0.976.x or newer." );
 # CVSS v2 base: network vector, high access complexity, no authentication,
 # complete confidentiality/integrity/availability impact.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
 # CVSS v2 temporal: exploitability unproven, official fix available,
 # report confirmed.
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2003/06/10");
 script_set_attribute(attribute:"vuln_publication_date", value: "2003/06/09");
 script_cvs_date("Date: 2018/08/22 16:49:14");
 # "local": presumably because the finding is derived from data already
 # gathered about the host (KB entries) rather than from probing a service.
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_end_attributes();
 
 script_summary(english:"Determines the presence of SmartFTP");
 # ACT_GATHER_INFO: declared as an information-gathering check; the script
 # body only reads KB items and compares version strings.
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english:"Windows");
 
 # Relies on smartftp_detect.nasl having run first and on the KB key below
 # being present.
 # NOTE(review): the check body should read this same key, otherwise the
 # plugin can exit without reporting on hosts where SmartFTP was detected.
 script_dependencies("smartftp_detect.nasl");
 script_require_keys("SMB/SmartFTP/Version");

 exit(0);
}

include("misc_func.inc");
include("global_settings.inc");

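# Version-based check for CVE-2003-1319. Nothing is sent to the target here:
# the finding rests entirely on the SmartFTP version and path stored in the
# KB, so it shows that a vulnerable build is installed, not that the client
# has connected to a hostile server.

# Read the same key that script_require_keys() declares. The original read
# 'SMB/FTP/Version', which matches neither the required key nor the
# 'SMB/SmartFTP/Path' key used below, so the plugin would exit here whenever
# that unrelated key was absent, giving a false negative on vulnerable hosts.
version = get_kb_item_or_exit('SMB/SmartFTP/Version');

# The path is informational only; keep the report readable if it was not set.
install_path = get_kb_item('SMB/SmartFTP/Path');
if (isnull(install_path)) install_path = 'unknown';

# NOTE(review): the advisory text and the plugin's "solution" attribute name
# 1.0.976 as the fixed release, while the comparison uses 1.1.0.976. Confirm
# which format the detection plugin stores; if it stores 1.0.x strings, a
# patched 1.0.976 install would still compare lower and be reported.
fix = '1.1.0.976';

# Look up the reporting port once; fall back to the default SMB port so the
# finding is not attached to an empty port value.
port = get_kb_item("SMB/transport");
if (!port) port = 445;

# ver_compare() returns -1 when the installed version is older than the fix.
if (ver_compare(ver:version, fix:fix) == -1)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + install_path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fix + '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else exit(0, "The host is not affected since SmartFTP "+version+" is installed.");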