CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.3%
The remote server is running NetTerm Netftpd server.
There is a buffer overflow condition in the remote version of this software. An attacker may exploit this flaw to execute arbitrary code on the remote host with the privileges of the FTP server.
#
# (C) Tenable Network Security, Inc.
#
include( 'compat.inc' );
if(description)
{
script_id(18142);
script_version ("1.18");
script_cve_id("CVE-2005-1323");
script_bugtraq_id(13396);
script_name(english:"Intersoft NetTerm Netftpd USER Command Remote Overflow");
script_summary(english:"Checks for NetTerm Netftpd");
script_set_attribute(
attribute:'synopsis',
value:'The remote service is prone to a buffer overflow.'
);
script_set_attribute(
attribute:'description',
value:"The remote server is running NetTerm Netftpd server.
There is a buffer overflow condition in the remote version of this
software. An attacker may exploit this flaw to execute arbitrary code
on the remote host with the privileges of the FTP server."
);
script_set_attribute(
attribute:'solution',
value: "Upgrade to a version of NetTerm greater than 5.1.1."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'NetTerm NetFTPD USER Buffer Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(
attribute:'see_also',
value:'https://www.securityfocus.com/archive/1/396959'
);
# https://web.archive.org/web/20050727084625/http://www.securenetterm.com/html/what_s_new.html
script_set_attribute(
attribute:'see_also',
value:'http://www.nessus.org/u?5567affe'
);
script_set_attribute(attribute:"plugin_publication_date", value: "2005/04/26");
script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/26");
script_cvs_date("Date: 2018/11/15 20:50:22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:intersoft:netterm");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
script_family(english:"FTP");
script_dependencie("ftp_anonymous.nasl", "ftpserver_detect_type_nd_version.nasl");
script_require_ports("Services/ftp", 21);
exit(0);
}
#
# The script code starts here
#
include("ftp_func.inc");
port = get_ftp_port(default: 21);
ftpbanner = get_ftp_banner(port:port);
if (! ftpbanner ) exit(1);
if ( egrep(pattern:"^220 NetTerm FTP server ready", string:ftpbanner) )
security_hole(port);