FTP Vulnerability and activity

With a significant increase in Port 21 traffic over the past few days;

http://isc.sans.org/port_details.php?port=21&days=120



Coupled with a release by Secunia regarding WS_FTP;



@ Secunia:

Release Date: 2004-11-30

WS_FTP Server FTP Commands Buffer Overflow Vulnerabilities

Vendor:

Ipswitch

http://secunia.com/advisories/13334/

Highly critical

Impact: System access

Where: From remote

Solution Status: Unpatched



Software: WS_FTP Server 3.x

WS_FTP Server 4.x

WS_FTP Server 5.x

Successful exploitation allows execution of arbitrary code.



The vulnerabilities have been confirmed in version 5.03. Other versions may
also be affected.



NOTE: Exploit code has been published.



This creates a situation in which we have a known vulnerability actively being searched and, possibly, successfully compromise of systems.



Solution:

A good policy would go a long way in protecting against this vulnerability. Grant only trusted users access to a vulnerable server, and Filter overly long arguments in a FTP proxy.





Tony Carothers

Handler on Duty



with help from P. Noli.... er, Nolan