Lucene search
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.NETFTPD.NASLHistoryApr 26, 2005 - 12:00 a.m.
Intersoft NetTerm Netftpd USER Command Remote Overflow
2005-04-2600:00:00
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
www.tenable.com
34
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.949
Percentile
99.3%
The remote server is running NetTerm Netftpd server.
There is a buffer overflow condition in the remote version of this software. An attacker may exploit this flaw to execute arbitrary code on the remote host with the privileges of the FTP server.
#
# (C) Tenable Network Security, Inc.
#
include( 'compat.inc' );
if(description)
{
script_id(18142);
script_version ("1.18");
script_cve_id("CVE-2005-1323");
script_bugtraq_id(13396);
script_name(english:"Intersoft NetTerm Netftpd USER Command Remote Overflow");
script_summary(english:"Checks for NetTerm Netftpd");
script_set_attribute(
attribute:'synopsis',
value:'The remote service is prone to a buffer overflow.'
);
script_set_attribute(
attribute:'description',
value:"The remote server is running NetTerm Netftpd server.
There is a buffer overflow condition in the remote version of this
software. An attacker may exploit this flaw to execute arbitrary code
on the remote host with the privileges of the FTP server."
);
script_set_attribute(
attribute:'solution',
value: "Upgrade to a version of NetTerm greater than 5.1.1."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'NetTerm NetFTPD USER Buffer Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(
attribute:'see_also',
value:'https://www.securityfocus.com/archive/1/396959'
);
# https://web.archive.org/web/20050727084625/http://www.securenetterm.com/html/what_s_new.html
script_set_attribute(
attribute:'see_also',
value:'http://www.nessus.org/u?5567affe'
);
script_set_attribute(attribute:"plugin_publication_date", value: "2005/04/26");
script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/26");
script_cvs_date("Date: 2018/11/15 20:50:22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:intersoft:netterm");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
script_family(english:"FTP");
script_dependencie("ftp_anonymous.nasl", "ftpserver_detect_type_nd_version.nasl");
script_require_ports("Services/ftp", 21);
exit(0);
}
#
# The script code starts here
#
include("ftp_func.inc");
port = get_ftp_port(default: 21);
ftpbanner = get_ftp_banner(port:port);
if (! ftpbanner ) exit(1);
if ( egrep(pattern:"^220 NetTerm FTP server ready", string:ftpbanner) )
security_hole(port);
Related
exploitdb
exploitdb
NetTerm NetFTPD - 'USER' Remote Buffer Overflow (Metasploit)
2010-10-05 00:00:00
NetFTPd 4.2.2 - User Authentication Remote Buffer Overflow
2005-04-26 00:00:00
metasploit
metasploit
NetTerm NetFTPD USER Buffer Overflow
2005-11-24 19:28:47
cvelist
cvelist
CVE-2005-1323
2005-04-27 04:00:00
cve
cve
CVE-2005-1323
2005-05-02 04:00:00
kaspersky
kaspersky
KLA10272 ACE vulnerability in NetTerm
2005-05-02 00:00:00
packetstorm
packetstorm
NetTerm NetFTPD USER Buffer Overflow
2009-11-26 00:00:00
nvd
nvd
CVE-2005-1323
2005-05-02 04:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.949
Percentile
99.3%
Related for NETFTPD.NASL