CVE-2006-2172 - Commands Remote Buffer Overflow vulnerability in Gene6 G6 FTP Server 3.1

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to (1) MKD or (2) XMKD, as demonstrated by the Infigo FTPStress Fuzzer.

Vulnerable Configurations

Part         Description  Count
Application  Gene6        1

Nessus

NASL family: FTP
NASL id: GENE6_380.NASL
description: The remote host appears to be using Gene6 FTP Server, a professional FTP server for Windows. According to its banner, the version of Gene6 FTP Server installed on the remote host contains buffer overflow vulnerabilities that can be exploited by an authenticated, possibly anonymous, user with specially crafted
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 21324
published: 2006-05-04
reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/21324
title: Gene6 FTP Server Multiple Command Remote Overflows
code:
#
# (C) Tenable Network Security, Inc.
#



include("compat.inc");

if (description)
{
  script_id(21324);
  script_version("1.17");

  script_cve_id("CVE-2006-2172");
  script_bugtraq_id(17810);
 
  script_name(english:"Gene6 FTP Server Multiple Command Remote Overflows");
  script_summary(english:"Checks for buffer overflow vulnerabilities in Gene6 FTP Server");

  script_set_attribute(attribute:"synopsis", value:
"The remote FTP server is affected by buffer overflow flaws." );
  script_set_attribute(attribute:"description", value:
"The remote host appears to be using Gene6 FTP Server, a professional
FTP server for Windows. 

According to its banner, the version of Gene6 FTP Server installed on
the remote host contains buffer overflow vulnerabilities that can be
exploited by an authenticated, possibly anonymous, user with
specially crafted 'MKD', 'RMD', 'XMKD', and 'XRMD' commands to crash
the affected application or execute arbitrary code on the affected
host." );
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/432839/30/0/threaded" );
  script_set_attribute(attribute:"see_also", value:"http://www.g6ftpserver.com/forum/index.php?showtopic=2515" );
  script_set_attribute(attribute:"solution", value:
"Upgrade to Gene6 FTP Server version 3.8.0 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_publication_date", value: "2006/05/04");
  script_set_attribute(attribute:"vuln_publication_date", value: "2006/05/03");
  script_cvs_date("Date: 2018/11/15 20:50:22");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"FTP");
  script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
  script_dependencies("ftpserver_detect_type_nd_version.nasl");
  script_require_ports("Services/ftp", 21);

  exit(0);
}


include("ftp_func.inc");
include("global_settings.inc");


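port = get_ftp_port(default: 21);

# Banner-only check: the version is read from the FTP greeting and
# no MKD/RMD/XMKD/XRMD command is sent to the server.
banner = get_ftp_banner(port:port);
# Report banners announcing v0.x-2.x, v3.0.x-3.6.x or v3.7.0.
if (
  banner &&
  egrep(pattern:"^220[- ]Gene6 FTP Server v([0-2]\.|3\.([0-6]\..*|7\.0))", string:banner)
) security_hole(port);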