Vulnerabilities > CVE-2004-2418 - Unspecified vulnerability in Whitsoft Development Slimftpd 3.15

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
whitsoft-development
nessus
exploit available
NVD
Published: 2004-12-31
Updated: 2024-11-20

Summary

Buffer overflow in SlimFTPd 3.15 and earlier allows local users to execute arbitrary code via a long command, such as (1) CWD, (2) STOR, (3) MKD, and (4) STAT.

Vulnerable Configurations

Part Description Count
Application
Whitsoft_Development
1

Exploit-Db

descriptionSlimFTPd <= 3.15 Remote Buffer Overflow Exploit. CVE-2004-2418. Remote exploit for windows platform
idEDB-ID:623
last seen2016-01-31
modified2004-11-10
published2004-11-10
reporterclass101
sourcehttps://www.exploit-db.com/download/623/
titleSlimFTPd <= 3.15 - Remote Buffer Overflow Exploit

Nessus

NASL familyFTP
NASL idSLIMFTPD_OVERFLOW.NASL
descriptionThe remote host appears to be using SlimFTPd, a free, small, standards-compliant FTP server for Windows. According to its banner, the version of SlimFTPd installed on the remote host is prone to one or more buffer overflow attacks that can lead to arbitrary code execution. Note that successful exploitation of either of these flaws requires an attacker first authenticate.
last seen2020-06-01
modified2020-06-02
plugin id15704
published2004-11-13
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/15704
titleSlimFTPd Multiple Command Handling Overflow
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if(description)
{
 script_id(15704);
 script_version("1.17");
 script_cvs_date("Date: 2018/11/15 20:50:22");

 script_cve_id("CVE-2004-2418", "CVE-2005-2373");
 script_bugtraq_id(11645, 14339);
 
 script_name(english:"SlimFTPd Multiple Command Handling Overflow");
 script_summary(english:"Checks version in the banner");
 
 script_set_attribute(
  attribute:"synopsis",
  value:"The remote FTP server is prone to multiple buffer overflow attacks."
 );
 script_set_attribute(
  attribute:"description", 
  value: 
"The remote host appears to be using SlimFTPd, a free, small,
standards-compliant FTP server for Windows. 

According to its banner, the version of SlimFTPd installed on the
remote host is prone to one or more buffer overflow attacks that can
lead to arbitrary code execution. 

Note that successful exploitation of either of these flaws requires an
attacker first authenticate."
 );
 script_set_attribute(
  attribute:"see_also", 
  value:"https://seclists.org/fulldisclosure/2004/Nov/333"
 );
 script_set_attribute(
  attribute:"see_also", 
  value:"https://seclists.org/bugtraq/2005/Jul/346"
 );
 script_set_attribute(
  attribute:"solution", 
  value:"Upgrade to SlimFTPd version 3.17 or later."
 );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'SlimFTPd LIST Concatenation Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/11/13");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/11/10");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"FTP");
 script_dependencie("ftpserver_detect_type_nd_version.nasl");
 script_require_ports("Services/ftp", 21);
 exit(0);
}


include("ftp_func.inc");


port = get_ftp_port(default: 21);

banner = get_ftp_banner(port:port);
if ( ! banner ) exit(1);


# There's a problem if...
if (
  # The version in the banner is <= 3.16 or...
  egrep(string:banner, pattern:"^220-SlimFTPd ([0-2]\.|3\.1[0-6][^0-9])")
) {
  security_hole(port);
}

References