GEN:SID | 1:1672 |
Message | FTP CWD ~ attempt |
Summary | This event is generated when an attempt is made to exploit a buffer overflow associated with certain versions of the Sun Solaris FTP server.
|
Impact | Reconnaissance. An attacker may be able to examine records from the password shadow file.
|
Detailed Information | This event is generated when an attempt is made to exploit a buffer overflow vulnerability associated with a globbing function in Sun Solaris FTP servers. An attacker may exploit this vulnerability by logging into the FTP server with a valid username and an invalid password then supplying the command "CWD ~". This may produce a core dump in the root directory with world-readable permissions that could be examined to discover valid FTP users for the server.
|
Affected Systems | SPARC
* Solaris 2.5 without patch 103577-13 * Solaris 2.5.1 without patch 103603-16 * Solaris 2.6 without patch 106301-03 * Solaris 2.7 without patch 110646-02 * Solaris 2.8 without patch 111606-01
Intel
* Solaris 2.5 without patch 103578-13 * Solaris 2.5.1 without patch 103604-16 * Solaris 2.6 without patch 106302-03 * Solaris 2.7 without patch 110647-02 * Solaris 2.8 without patch 111607-01
|
Attack Scenarios | An attacker may attempt to exploit this vulnerability to learn valid FTP usernames to later attempt brute force guessing of passwords.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to the latest non-affected version of the software or apply the appropriate patch.
|
Additional References | Bugtraq: http://www.securityfocus.com/bid/2601
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0421
|
Rule References | bugtraq: 2601
bugtraq: 9215
cve: 2001-0421
|