Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2449 |
Message | FTP ALLO overflow attempt |
Summary | This event is generated when an attempt is made to exploit a buffer overflow vulnerability associated with Ipswitch WS FTP ALLO command. |
Impact | Remote access. A successful attack may permit the remote execution of arbitrary commands with system privileges. A Denial of Service (DoS) attack may also be possible. |
Detailed Information | Ipswitch WS FTP is an FTP server. A vulnerability exists with the ALLO command that can cause a buffer overflow and permit the execution of arbitrary commands with system privileges. The buffer overflow can be caused by supplying an overly long argument to the ALLO command. |
Affected Systems | Ipswitch WS FTP Server 1.0.1 through 1.0.5, 2.0 through 2.0.4, 3.0 1, 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.4, 4.0 2, 4.0 1 and 4.0 Ipswitch WS_FTP Pro 6.0, 7.5, 8.0 3, 8.0 2 |
Attack Scenarios | An attacker can use one of the publicly available exploit scripts to cause the overflow to occur. |
Ease of Attack | Simple. Many exploits exist. |
Corrective Action | Upgrade to the latest non-affected version of the software. Use scp as an alternative to ftp Disallow ftp access to internal resources from external sources |
Additional References | |
Rule References | bugtraq: 9953 cve: 2004-1883 nessus: 14598 |
--
DID:863752
--
http://www.aanval.com/