Hi,
Plugin ID 10190 (proftpd_overflow.nasl) doesn't check if it's talking
to a ProFTPD server. This script also crashes a vulnerable Cisco FTP
service by a long STOR command (system reboot), but it doesn't report
a flaw. Maybe the script could test for the right banner. But on the
other hand, the ProFTPD banner can be tweaked, so taking away one
false-negative could create the other.
--Ferdy--
--- proftpd_overflow.nasl 2007-03-20 06:56:00.000000000 +0100
+++ proftpd_overflow2.nasl 2007-06-10 20:37:24.000000000 +0200
@@ -94,6 +94,10 @@
port = get_kb_item("Services/ftp");
if(!port)port = 21;
if(!get_port_state(port))exit(0);
+
+banner = get_ftp_banner(port:port);
+if ("ProFTPD" >!< banner) exit(0);
+
soc = open_sock_tcp(port);
if(soc)
{
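Review bot: the added `if ("ProFTPD" >!< banner) exit(0);` does not distinguish a missing or customized banner from a banner that positively names another product, so a ProFTPD host with an altered banner is silently skipped, which is the false negative the message itself warns about. Consider exiting only when a banner was actually returned and it does not contain "ProFTPD", for example `if (banner && "ProFTPD" >!< banner) exit(0);`, and add a comment stating that the gate exists because the long STOR command reboots a non-ProFTPD (Cisco) FTP service. Since `get_ftp_banner(port:port)` is called before `open_sock_tcp(port)`, it is also worth confirming that the banner comes from the knowledge base rather than from a second connection to the service.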
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers