
Thread: Plugin: 10190




Plugin: 10190
Netherlands
2007-06-10 13:50:36
Hi,

Plugin ID 10190 (proftpd_overflow.nasl) doesn't check if it's talking
to a ProFTPD server. This script also crashes a vulnerable Cisco FTP
service by a long STOR command (system reboot), but it doesn't report
a flaw. Maybe the script could test for the right banner. But on the
other hand ProFTPD banner can be tweaked so taking away one
false-negative could create the other.

--Ferdy--

--- proftpd_overflow.nasl   2007-03-20 06:56:00.000000000
+0100
+++ proftpd_overflow2.nasl  2007-06-10 20:37:24.000000000
+0200
 -94,6
+94,10 
  port = get_kb_item("Services/ftp");
  if(!port)port = 21;
  if(!get_port_state(port))exit(0);
+
+banner = get_ftp_banner(port:port);
+if ("ProFTPD" >!< banner) exit(0);
+
  soc = open_sock_tcp(port);
  if(soc)
  {
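
Review bot: The added line if ("ProFTPD" >!< banner) exit(0); exits unconditionally, before open_sock_tcp(port) is reached, so a ProFTPD server whose banner has been changed is never tested and the plugin reports nothing for it. Consider making the banner check depend on the scan's paranoia setting so that a paranoid scan still runs the overflow test, and confirm that the include providing get_ftp_banner is already present in the plugin, since this hunk adds none.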



_______________________________________________
Plugins-writers mailing list
Plugins-writerslist.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

Re: Plugin: 10190
United States
2007-06-11 12:25:58
On 06/10/07 14:50, F. Riphagen wrote:

> Plugin ID 10190 (proftpd_overflow.nasl) doesn't check if it's talking to
> a ProFTPD server. This script also crashes a vulnerable Cisco FTP
> service by a long STOR command (system reboot), but it doesn't report a
> flaw. Maybe the script could test for the right banner. But on the other
> hand ProFTPD banner can be tweaked so taking away one false-negative
> could create the other.

Thanks for the patch, Ferdy. I applied a slight variation of it (the
banner check only is done if report_paranoia < 2).

George
-- 
thealltenablesecurity.com
