> > It was possible to make the remote FTP server
> > crash by issuing this command :
> >
> > CEL aaaa[...]aaaa
>
> It means that the remote host abruptly closed the communication when
> it received the command above. Either this is because there is a buffer
> overflow condition, or because there is some code in it like :
>
>     if ( strlen(request) > 255 )
>         exit(1); /* User is Naughty */
>
> Nessus can not make the distinction remotely, therefore you'll have to
> see for yourself (ie: is there a core file somewhere ?)

There aren't any core files left behind. And from a (very) quick look at the code I don't see anywhere where it would bomb out like that on invalid input.

> > Vulnerability found on port ftp (21/tcp)
> >
> > Buffer overflow in SunFTP build 9(1) allows remote attackers to cause
> > a denial of service or possibly execute arbitrary commands by sending
> > more than 2100 characters to the server.
> >
> > Solution : Switching to another FTP server, SunFTP is discontinued.
>
> Same thing as above. The advice is true though - if SunFTP has been
> discontinued, maybe you don't want to run this software on a production
> host.

That's the thing, this isn't SunFTP. It is WU-ftpd 2.6.2, just the version bundled with Solaris 9. I removed the Solaris ftp packages and built the vanilla Wu-FTPd 2.6.2 from source. Testing that with Nessus produced the same other two vulnerabilities, but did not produce the SunFTP vulnerability warning. I'm not sure why this is...
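
The two explanations offered in the quoted reply (a deliberate exit on overlong input, or a crash) can be told apart locally from the process's wait status, even when the core-file size limit is zero and no core is written. The following is an added C example, not part of the original thread or of WU-ftpd; the handler names are hypothetical and the fault is simulated with abort() rather than a real overflow.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

enum outcome { CLEAN_EXIT, DELIBERATE_EXIT, KILLED_BY_SIGNAL, UNKNOWN };

/* Hypothetical session handler containing the length guard quoted above. */
static void guarded_handler(const char *request) {
    if (strlen(request) > 255)
        _exit(1);   /* deliberate close: ordinary exit, never a core file */
}

/* Hypothetical handler that dies on long input. The fault is simulated with
 * abort() (SIGABRT); a real memory fault would usually be SIGSEGV or SIGBUS. */
static void faulting_handler(const char *request) {
    if (strlen(request) > 255)
        abort();
}

/* Run one handler in a child process and classify how the child ended. */
static enum outcome classify(void (*handler)(const char *), const char *request) {
    struct rlimit no_core = { 0, 0 };
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        setrlimit(RLIMIT_CORE, &no_core);   /* no core file will be written */
        handler(request);
        _exit(0);                           /* request handled normally */
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid)
        return UNKNOWN;
    if (WIFSIGNALED(status))
        return KILLED_BY_SIGNAL;            /* WTERMSIG(status) is the signal */
    if (WIFEXITED(status))
        return WEXITSTATUS(status) ? DELIBERATE_EXIT : CLEAN_EXIT;
    return UNKNOWN;
}

int main(void) {
    static char req[301];                   /* constructed 300-byte request */
    memset(req, 'a', 300);
    printf("guarded=%d faulting=%d\n",
           classify(guarded_handler, req), classify(faulting_handler, req));
    return 0;
}
```

Both children disappear without leaving a core file, but only the second is reported as killed by a signal, which is the evidence to look for when tracing a daemon's session process.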
