
SANS ISC: FTP Vulnerability & Accompanying Activity - Internet Security | DShield SANS ISC InfoSec Forums


FTP Vulnerability & Accompanying Activity
FTP Vulnerability and activity

There has been a significant increase in port 21 traffic over the past few days:

http://isc.sans.org/port_details.php?port=21&days=120



This coincides with a release by Secunia regarding WS_FTP:



@ Secunia:

Release Date: 2004-11-30

WS_FTP Server FTP Commands Buffer Overflow Vulnerabilities

Vendor:

Ipswitch

http://secunia.com/advisories/13334/

Highly critical

Impact: System access

Where: From remote

Solution Status: Unpatched



Software: WS_FTP Server 3.x

WS_FTP Server 4.x

WS_FTP Server 5.x

Successful exploitation allows execution of arbitrary code.



The vulnerabilities have been confirmed in version 5.03. Other versions may
also be affected.



NOTE: Exploit code has been published.



This creates a situation in which a known vulnerability is actively being searched for and, possibly, systems are being successfully compromised.



Solution:

A good policy would go a long way in protecting against this vulnerability. Grant only trusted users access to a vulnerable server, and filter overly long arguments in an FTP proxy.
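One way to express the length filter suggested above, as an added example that is not part of the original diary or the Secunia advisory. The class name, the 255-byte argument limit, the 512-byte line limit and the four-letter verb rule are assumed policy values; the advisory quoted here does not state a length.

```python
# Added example: length filter for FTP control-channel commands.
# MAX_ARG_LEN and MAX_LINE_LEN are assumed policy values, not from the advisory.
MAX_ARG_LEN = 255
MAX_LINE_LEN = 512


class FtpCommandFilter:
    """Split a client's control-channel bytes into lines and give a verdict per line."""

    def __init__(self, max_arg=MAX_ARG_LEN, max_line=MAX_LINE_LEN):
        self.max_arg, self.max_line = max_arg, max_line
        self.buf = b""

    def feed(self, data):
        """Return [(verdict, verb, arg_len), ...] for the bytes seen so far."""
        self.buf += data
        results = []
        while True:
            idx = self.buf.find(b"\n")
            if idx == -1:
                # A client can withhold the line terminator, so the pending
                # buffer is capped too; the proxy should then close the session.
                if len(self.buf) > self.max_line:
                    results.append(("drop-unterminated", "", len(self.buf)))
                    self.buf = b""
                return results
            line, self.buf = self.buf[:idx].rstrip(b"\r"), self.buf[idx + 1:]
            results.append(self.check_line(line))

    def check_line(self, line):
        verb, _, arg = line.partition(b" ")
        name = verb.decode("ascii", "replace").upper()
        if len(line) > self.max_line or len(arg) > self.max_arg:
            return ("drop-too-long", name, len(arg))
        # FTP verbs are short alphabetic tokens; anything else is not forwarded.
        if not verb.isalpha() or len(verb) > 4:
            return ("drop-malformed", name, len(arg))
        return ("forward", name, len(arg))


if __name__ == "__main__":
    # Constructed sample traffic: two ordinary commands and one oversized argument.
    flt = FtpCommandFilter()
    sample = b"USER anonymous\r\nMKD " + b"A" * 1000 + b"\r\nRETR file.txt\r\n"
    for verdict in flt.feed(sample):
        print(verdict)
```

Logging each dropped line with the client address also gives a record of who is probing the server with oversized arguments.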





Tony Carothers

Handler on Duty



with help from P. Noli.... er, Nolan