1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
Rule:
--
Sid:
2332
--
Summary:
This event is generated when an attempt is made to exploit a known
vulnerability in an FTP server.
--
Impact:
Possible execution of arbitrary code.
--
Detailed Information:
FTP is used to transfer files between hosts. This event is indicative of spurious
activity in FTP traffic between hosts.
It is possible for a user to supply data to an FTP ommand and have it
interpreted as code. The attacker might then be able to run code of
their choosing with the privileges of the user running the FTP service.
--
Affected Systems:
PlatinumFTP PlatinumFTPserver 1.0.18
--
Attack Scenarios:
An attacker might utilize a vulnerability in an FTP daemon to gain access to a
host, then upload a Trojan Horse program to gain control of that host.
--
Ease of Attack:
Simple.
--
False Positives:
None Known
--
False Negatives:
None Known
--
Corrective Action:
Apply the appropriate vendor supplied patches.
Upgrade to the latest non-affected version of the software.
Disallow access to FTP resources from hosts external to the protected network.
Use secure shell (ssh) to transfer files as a replacement for FTP.
--
Contributors:
Sourcefire Research Team
Brian Caswell <brian.caswell@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>
--
Additional References:
--
|
