
SANS ISC: FTP Vulnerability & Accompanying Activity SANS ISC InfoSec Forums


FTP Vulnerability and activity

Port 21 traffic has increased significantly over the past few days:

http://isc.sans.org/port_details.php?port=21&days=120

This is coupled with a release by Secunia regarding WS_FTP:



@ Secunia:

Release Date: 2004-11-30

WS_FTP Server FTP Commands Buffer Overflow Vulnerabilities

Vendor: Ipswitch

http://secunia.com/advisories/13334/

Highly critical

Impact: System access

Where: From remote

Solution Status: Unpatched

Software: WS_FTP Server 3.x, WS_FTP Server 4.x, WS_FTP Server 5.x

Successful exploitation allows execution of arbitrary code.

The vulnerabilities have been confirmed in version 5.03. Other versions may also be affected.

NOTE: Exploit code has been published.



This creates a situation in which a known vulnerability is actively being searched for and, possibly, systems are being successfully compromised.



Solution:

A good policy would go a long way in protecting against this vulnerability. Grant only trusted users access to a vulnerable server, and filter overly long arguments in an FTP proxy.





Tony Carothers

Handler on Duty



with help from P. Noli.... er, Nolan
Tony

150 Posts
ISC Handler
Dec 6th 2004
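
An added example, not part of the original diary or the Secunia advisory: one way an FTP proxy could filter overly long arguments on the control channel, as the solution above suggests. The 256-byte argument limit, the `CommandFilter` class and the sample traffic are assumptions made for illustration.

```python
# Added example: a control-channel filter an FTP proxy could apply before
# forwarding client commands. The limits are assumptions, not advisory values.
MAX_ARG = 256             # assumed ceiling for one command argument, in bytes
MAX_LINE = MAX_ARG + 8    # verb (4 letters max, RFC 959) + space + CRLF + slack


class CommandFilter:
    """Reassembles client bytes into command lines and vets each one."""

    def __init__(self):
        self.buf = b""
        self.skipping = False   # True while discarding the tail of a rejected line

    def feed(self, data):
        """Return [("forward", line) or ("reject", reason), ...] per complete line."""
        self.buf += data
        out = []
        while self.buf:
            line, sep, rest = self.buf.partition(b"\n")
            if not sep:
                if len(self.buf) > MAX_LINE:
                    # Too long and still unterminated: stop buffering it.
                    if not self.skipping:
                        out.append(("reject", "unterminated line over limit"))
                    self.skipping, self.buf = True, b""
                break
            self.buf = rest
            if self.skipping:
                self.skipping = False   # this was the end of a rejected line
                continue
            out.append(self.check(line.rstrip(b"\r")))
        return out

    @staticmethod
    def check(line):
        verb, _, arg = line.partition(b" ")
        if not verb.isalpha() or len(verb) > 4:
            return ("reject", "malformed verb")
        if len(arg) > MAX_ARG:
            return ("reject", "%s argument is %d bytes" % (verb.decode().upper(), len(arg)))
        return ("forward", line + b"\r\n")


if __name__ == "__main__":
    f = CommandFilter()   # constructed client traffic, split mid-command
    for chunk in (b"USER anon", b"ymous\r\nCWD " + b"A" * 300 + b"\r\n"):
        print(f.feed(chunk))
```

A proxy would keep one `CommandFilter` per client connection, answer each rejected command with an error reply itself, and pass only the forwarded lines to the server.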
