1975.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:

--
Sid:
1976

--
Summary:
This event is generated when an attempt is made to supply an excessively
long argument to an FTP command possibly in an attempt to exploit a buffer
overflow vulnerability associated with CesarFTPD FTP server DELE command.

--
Impact:
Remote access.  A successful attack may permit the remote execution of
arbitrary commands with system privileges.

--
Detailed Information:
CesarFTPD offers FTP servers for Windows hosts. A vulnerability exists
with the DELE command that can cause a buffer overflow and permit the
execution of arbitrary commands with system privileges. The buffer
overflow can be caused by supplying an overly long argument to the DELE
command.

Likewise, ArGoSoft FTP Server 1.4.2.8 suffers from a buffer overflow
condition that can be exploited by supplying excess data as a parameter
to the DELE command.

--
Affected Systems:
	CesarFTP 0.98b
	ArGoSoft FTP Server 1.4.2.8

--
Attack Scenarios:
An attacker can supply an overly long file argument with the DELE
command, causing a buffer overflow.

--
Ease of Attack:
Simple.  

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

--
Contributors:
Sourcefire Vulnerability Research Team
Brian Caswell <bmc@sourcefire.com> 
Nigel Houghton <nigel.houghton@sourcefire.com>
Judy Novak <judy.novak@sourcefire.com>

--
Additional References:

Bugtraq:
http://www.securityfocus.com/bid/12755

--