Multiple Vendor BSD ftpd glob() Buffer Overflow
Severity: : Critical
CVE Kennungen: : CVE-2001-0247
Advisory Date: 21 lipca 2015
DESCRIPTION
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000931
Trend Micro Deep Security DPI Rule Name: 1000931 - Multiple Vendor BSD ftpd glob() Buffer Overflow
AFFECTED SOFTWARE AND VERSION:
- FreeBSD FreeBSD 2.2
- FreeBSD FreeBSD 2.2.2
- FreeBSD FreeBSD 2.2.3
- FreeBSD FreeBSD 2.2.4
- FreeBSD FreeBSD 2.2.5
- FreeBSD FreeBSD 2.2.6
- FreeBSD FreeBSD 2.2.8
- FreeBSD FreeBSD 3.0
- FreeBSD FreeBSD 3.1
- FreeBSD FreeBSD 3.2
- FreeBSD FreeBSD 3.3
- FreeBSD FreeBSD 3.4
- FreeBSD FreeBSD 3.5
- FreeBSD FreeBSD 3.5.1
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 4.1
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.2
- MIT Kerberos 5 1.1.1
- MIT Kerberos 5 1.2
- MIT Kerberos 5 1.2.1
- MIT Kerberos 5 1.2.2
- NetBSD NetBSD 1.2.1
- NetBSD NetBSD 1.3
- NetBSD NetBSD 1.3.1
- NetBSD NetBSD 1.3.2
- NetBSD NetBSD 1.3.3
- NetBSD NetBSD 1.4
- NetBSD NetBSD 1.4.1
- NetBSD NetBSD 1.4.2
- NetBSD NetBSD 1.4.3
- NetBSD NetBSD 1.5
- OpenBSD OpenBSD 2.3
- OpenBSD OpenBSD 2.4
- OpenBSD OpenBSD 2.5
- OpenBSD OpenBSD 2.6
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.8
- RedHat Linux 7.0
- SGI IRIX 6.1
- SGI IRIX 6.5.1
- SGI IRIX 6.5.10
- SGI IRIX 6.5.11
- SGI IRIX 6.5.2m
- SGI IRIX 6.5.3
- SGI IRIX 6.5.3f
- SGI IRIX 6.5.3m
- SGI IRIX 6.5.4
- SGI IRIX 6.5.5
- SGI IRIX 6.5.6
- SGI IRIX 6.5.7
- SGI IRIX 6.5.8