GEN:SID | 1:2449 |
Message | FTP ALLO overflow attempt |
Summary | This event is generated when an attempt is made to exploit a buffer overflow vulnerability associated with Ipswitch WS FTP ALLO command.
|
Impact | Remote access. A successful attack may permit the remote execution of arbitrary commands with system privileges. A Denial of Service (DoS) attack may also be possible.
|
Detailed Information | Ipswitch WS FTP is an FTP server. A vulnerability exists with the ALLO command that can cause a buffer overflow and permit the execution of arbitrary commands with system privileges. The buffer overflow can be caused by supplying an overly long argument to the ALLO command.
|
Affected Systems | Ipswitch WS FTP Server 1.0.1 through 1.0.5, 2.0 through 2.0.4, 3.0 1, 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.4, 4.0 2, 4.0 1 and 4.0 Ipswitch WS_FTP Pro 6.0, 7.5, 8.0 3, 8.0 2
|
Attack Scenarios | An attacker can use one of the publicly available exploit scripts to cause the overflow to occur.
|
Ease of Attack | Simple. Many exploits exist.
|
Corrective Action | Upgrade to the latest non-affected version of the software.
Use scp as an alternative to ftp
Disallow ftp access to internal resources from external sources
|
Additional References | |
Rule References | bugtraq: 9953
|