Vulnerabilities > CVE-2005-1323 - Buffer Overflow vulnerability in Intersoft Netterm 4.2.2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
intersoft
nessus
exploit available
metasploit
NVD
Published: 2005-05-02
Updated: 2017-07-11

Summary

Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command.

Vulnerable Configurations

Part Description Count
Application
Intersoft
1

Exploit-Db

  • descriptionNetTerm NetFTPD USER Buffer Overflow. CVE-2005-1323. Remote exploit for windows platform
    idEDB-ID:16735
    last seen2016-02-02
    modified2010-10-05
    published2010-10-05
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16735/
    titleNetTerm NetFTPD - USER Buffer Overflow
  • descriptionNetFTPd 4.2.2 User Authentication Remote Buffer Overflow Exploit. CVE-2005-1323. Remote exploit for windows platform
    idEDB-ID:955
    last seen2016-01-31
    modified2005-04-26
    published2005-04-26
    reporterSergio Alvarez
    sourcehttps://www.exploit-db.com/download/955/
    titleNetFTPd 4.2.2 - User Authentication Remote Buffer Overflow Exploit

Metasploit

descriptionThis module exploits a vulnerability in the NetTerm NetFTPD application. This package is part of the NetTerm package. This module uses the USER command to trigger the overflow.
idMSF:EXPLOIT/WINDOWS/FTP/NETTERM_NETFTPD_USER
last seen2019-12-19
modified2018-09-15
published2005-11-24
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/ftp/netterm_netftpd_user.rb
titleNetTerm NetFTPD USER Buffer Overflow

Nessus

NASL familyFTP
NASL idNETFTPD.NASL
descriptionThe remote server is running NetTerm Netftpd server. There is a buffer overflow condition in the remote version of this software. An attacker may exploit this flaw to execute arbitrary code on the remote host with the privileges of the FTP server.
last seen2020-06-01
modified2020-06-02
plugin id18142
published2005-04-26
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18142
titleIntersoft NetTerm Netftpd USER Command Remote Overflow
code
#
# (C) Tenable Network Security, Inc.
#

include( 'compat.inc' );

if(description)
{
 script_id(18142);
 script_version ("1.18");
 script_cve_id("CVE-2005-1323");
 script_bugtraq_id(13396);

 script_name(english:"Intersoft NetTerm Netftpd USER Command Remote Overflow");
 script_summary(english:"Checks for NetTerm Netftpd");

  script_set_attribute(
    attribute:'synopsis',
    value:'The remote service is prone to a buffer overflow.'
  );

  script_set_attribute(
    attribute:'description',
    value:"The remote server is running NetTerm Netftpd server.

There is a buffer overflow condition in the remote version of this
software. An attacker may exploit this flaw to execute arbitrary code
on the remote host with the privileges of the FTP server."
  );

  script_set_attribute(
    attribute:'solution',
    value: "Upgrade to a version of NetTerm greater than 5.1.1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'NetTerm NetFTPD USER Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(
    attribute:'see_also',
    value:'https://www.securityfocus.com/archive/1/396959'
  );
  
  # https://web.archive.org/web/20050727084625/http://www.securenetterm.com/html/what_s_new.html
  script_set_attribute(
    attribute:'see_also',
    value:'http://www.nessus.org/u?5567affe'
    );

 script_set_attribute(attribute:"plugin_publication_date", value: "2005/04/26");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/26");
 script_cvs_date("Date: 2018/11/15 20:50:22");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:intersoft:netterm");
  script_end_attributes();


 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"FTP");
 script_dependencie("ftp_anonymous.nasl", "ftpserver_detect_type_nd_version.nasl");
 script_require_ports("Services/ftp", 21);

 exit(0);
}

#
# The script code starts here
#

include("ftp_func.inc");

port = get_ftp_port(default: 21);

ftpbanner = get_ftp_banner(port:port);
if (! ftpbanner ) exit(1);
if ( egrep(pattern:"^220 NetTerm FTP server ready", string:ftpbanner) )
	security_hole(port);

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83000/netterm_netftpd_user.rb.txt
idPACKETSTORM:83000
last seen2016-12-05
published2009-11-26
reporterH D Moore
sourcehttps://packetstormsecurity.com/files/83000/NetTerm-NetFTPD-USER-Buffer-Overflow.html
titleNetTerm NetFTPD USER Buffer Overflow

References