1975.txt

This is the snapshot of Snot Latest Rules

Rule:

--
Sid:
1975

--
Summary:
This event is generated when an attempt is made to supply an excessively long argument to an FTP command possibly in an attempt to exploit a buffer overflow vulnerability associated with CesarFTPD FTP server DELE command.

--
Impact:
Remote access.  A successful attack may permit the remote execution of arbitrary commands with system privileges.

--
Detailed Information:
CesarFTPD offers FTP servers for Windows hosts. A vulnerability exists with the DELE command that can cause a buffer overflow and permit the execution of arbitrary commands with system privileges. The buffer overflow can be caused by supplying an overly long argument to the DELE command.

Likewise, ArGoSoft FTP Server 1.4.2.8 suffers from a buffer overflow condition that can be exploited by supplying excess data as a parameter to the DELE command.

--
Affected Systems:
CesarFTP 0.98b
ArGoSoft FTP Server 1.4.2.8

--
Attack Scenarios:
An attacker can supply an overly long file argument with the DELE command, causing a buffer overflow.

--
Ease of Attack:
Simple.  

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

--
Contributors:
Sourcefire Vulnerability Research Team
Brian Caswell <bmc@sourcefire.com> 
Nigel Houghton <nigel.houghton@sourcefire.com>
Judy Novak <judy.novak@sourcefire.com>

--
Additional References:

Bugtraq:
http://www.securityfocus.com/bid/12755

--