Rule:--Sid:1529--Summary:This event is generated when an attempt is made to exploit a bufferoverflow or denial of service vulnerability associated with FTP SITE command. --Impact:Remote access or denial of service.  A successful attack can cause adenial of service or allow remote execution of arbitrary commands withprivileges of the process running the FTP server. --Detailed Information:This event is generated when an attempt is made to exploit variousvulnerabilities associated with the FTP SITE command of different FTPservers. The Windows Serv-U FTP server 2.5a can be made to crash when anoverly long argument is supplied to the SITE PASS command. The GuildFTPdfree Windows FTP server 0.97 is vulnerable to a buffer overflow causedby issuing a SITE command that is 261 bytes or longer. A buffer overflowexists in Debian Linux 2.2 FTP daemon that is caused by issuing a SITEcommand that is 400 bytes or longer. The buffer overflow attacks maypermit the execution of arbitrary commands with the privileges of theprocess running the FTP server. All of these attacks require loginaccess to the vulnerable server via an authenticated or anonymous user.--Affected Systems:	Serv-U FTP server 2.5a.	GuildFTPd Server 0.97.	Debian 2.2 FTP server.--Attack Scenarios:An attacker may login to a vulnerable FTP server and enter an overlylong file argument with the SITE command, causing a denial of service orbuffer overflow.--Ease of Attack:Simple.  --False Positives:None Known.--False Negatives:None Known.--Corrective Action:Upgrade to the latest non-affected version of the software.--Contributors:Sourcefire Vulnerability Research TeamBrian Caswell <bmc@sourcefire.com> Nigel Houghton <nigel.houghton@sourcefire.com>Judy Novak <judy.novak@sourcefire.com>--Additional References:--