Check Point Advisories

Security Best Practice: Protect Yourself against FTP Format Strings Attacks

Check Point Reference: SBP-2007-06
Date Published: 15 Apr 2007
Severity: High
Last Updated: Monday 30 April, 2007
Source:
Protection Provided by:
Who is Vulnerable? FTP Servers
Vulnerability Description: The File Transfer Protocol (FTP) is used to connect computers over the Internet, enabling their users to transfer files. FTP format string attacks are a common threat on vulnerable systems. Format string attacks can be used to crash a program or to execute malicious code. A successful format string attack will compromise a target system.
Vulnerability Details: Remote exploitation of a format string vulnerability could allow a server crash or execution of arbitrary code. A format string tells C output functions such as printf how to format numbers when they print them. A number of functions accept a format string as an argument. A remote attacker could send a crafted request whose contents reach one of these functions as the format string, crashing the server or causing it to execute arbitrary code.
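The vulnerable call next to its fixed form, with a simple check for format directives in an FTP command argument, as an added example (not Check Point's code or protection logic). The function names, the 550 reply text and the sample arguments are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern, shown only as a comment: the client's text becomes the
 * format string, so every '%' directive in it is interpreted.
 *
 *     snprintf(out, n, client_arg);
 */

/* Hardened form: the format string is a constant and the client's text is
 * passed as data, so a '%' in it is copied out literally. */
int reply_safe(char *out, size_t n, const char *client_arg) {
    return snprintf(out, n, "550 %s: No such file or directory.\r\n", client_arg);
}

/* Count printf-style conversion directives in s ("%%" is a literal percent).
 * A filter in front of the server can log or reject arguments where this
 * is non-zero. */
int count_format_directives(const char *s) {
    int count = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        const char *q = p + 1;
        if (*q == '%') { p = q; continue; }
        q += strspn(q, "-+ #0");              /* flags */
        q += strspn(q, "0123456789*$");       /* width or positional index */
        if (*q == '.') q += 1 + strspn(q + 1, "0123456789*");  /* precision */
        q += strspn(q, "hlLjzt");             /* length modifiers */
        if (*q && strchr("diouxXeEfFgGaAcspn", *q)) { count++; p = q; }
    }
    return count;
}

int main(void) {
    /* Constructed FTP command arguments, not captured traffic. */
    const char *args[] = { "pub/readme.txt", "sales 100%", "%08x.%s" };
    char reply[128];
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++) {
        reply_safe(reply, sizeof reply, args[i]);
        printf("directives=%d reply=%s", count_format_directives(args[i]), reply);
    }
    return 0;
}
```

Compiling server code with the compiler's format-security warnings enabled (for example GCC's -Wformat -Wformat-security) flags calls that pass a non-literal format string.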

Protection Overview
