BFTPD SITE CHOWN buffer overflow (FTP Site Chown Overflow)

About this signature or vulnerability

BlackICE:

Default risk level

High risk vulnerability High

Sensors that have this signature

BlackICE: 3.0

Systems affected

FreeBSD FreeBSD, Max-Wilhelm Bruker bftpd: 1.0.13

Type

Unauthorized Access Attempt

Vulnerability description

Max-Wilhelm Bruker's BFTPD is vulnerable to a buffer overflow in the SITE CHOWN command. By sending an overly long string of characters following the SITE CHOWN command, a remote attacker can overflow the buffer and overwrite the return address to gain root privileges on the system.

How to remove this vulnerability

No remedy available as of June 6, 2009.

References

BugTraq Mailing List, Wed Dec 13 2000 - 13:13:25 CST
Potential Buffer Overflow vulnerability in bftpd-1.0.13
http://archives.neohapsis.com/archives/bugtraq/2000-12/0189.html

ISS X-Force
BFTPD SITE CHOWN buffer overflow
http://www.iss.net/security_center/static/5775.php

CVE
CVE-2001-0065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0065