
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-12-05



FTP Vulnerability & Accompanying Activity

Published: 2004-12-05
Last Updated: 2004-12-06 14:54:23 UTC
by Tony Carothers (Version: 1)
FTP Vulnerability and activity

There has been a significant increase in port 21 traffic over the past few days:

http://isc.sans.org/port_details.php?port=21&days=120



This is coupled with a release by Secunia regarding WS_FTP:



@ Secunia:

Release Date: 2004-11-30

WS_FTP Server FTP Commands Buffer Overflow Vulnerabilities

Vendor: Ipswitch

http://secunia.com/advisories/13334/

Highly critical

Impact: System access

Where: From remote

Solution Status: Unpatched



Software: WS_FTP Server 3.x, WS_FTP Server 4.x, WS_FTP Server 5.x

Successful exploitation allows execution of arbitrary code.



The vulnerabilities have been confirmed in version 5.03. Other versions may
also be affected.



NOTE: Exploit code has been published.



This creates a situation in which a known vulnerability is actively being searched for and, possibly, systems are being successfully compromised.



Solution:

A good policy would go a long way in protecting against this vulnerability. Grant only trusted users access to a vulnerable server, and filter overly long arguments in an FTP proxy.
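One way the proxy-side length filter could look, as an added example that is not part of the original diary or of any vendor's product. The class name and both limits (MAX_LINE, MAX_ARG) are assumptions to tune per site, and the sample commands in any test input are constructed.

```python
MAX_LINE = 512   # assumed cap on one whole command line, CRLF included
MAX_ARG = 255    # assumed cap on the argument that follows the verb

class FtpCommandFilter:
    """Frames the client-to-server control stream and vets each command line
    before a proxy would relay it to the FTP server behind it."""

    def __init__(self):
        self.buf = b""
        self.discarding = False  # True while skipping the tail of an overlong line

    def feed(self, data: bytes):
        """Return a list of ("forward", line) or ("reject", reply) decisions."""
        out = []
        self.buf += data
        while True:
            nl = self.buf.find(b"\n")
            if nl == -1:
                # No terminator yet: never hold more than MAX_LINE bytes, so an
                # unterminated flood cannot grow the buffer or reach the server.
                if len(self.buf) > MAX_LINE:
                    if not self.discarding:
                        out.append(("reject", b"500 Command line too long.\r\n"))
                    self.discarding = True
                    self.buf = b""
                return out
            line, self.buf = self.buf[:nl + 1], self.buf[nl + 1:]
            if self.discarding:
                self.discarding = False  # end of a line that was already rejected
                continue
            out.append(self.check(line))

    @staticmethod
    def check(line: bytes):
        """Vet one complete line: total length first, then argument length."""
        if len(line) > MAX_LINE:
            return ("reject", b"500 Command line too long.\r\n")
        verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
        if len(arg) > MAX_ARG:
            return ("reject", b"501 Argument too long.\r\n")
        return ("forward", line)
```

Rejected lines are answered by the proxy itself and never relayed, so the server only sees commands within the limits.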





Tony Carothers

Handler on Duty



with help from P. Noli.... er, Nolan