Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1728 |
Message | FTP CWD ~ |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the ftp server included with version 2.6 of the Sun Solaris operating system. |
Impact | Serious. |
Detailed Information | An error in the ftp daemon supplied with version 2.6 of Sun's Solaris operating system can cause the daemon to overflow a buffer and generate a core file that is world readable. The attacker may also be able to fill the disk partition by generating core files. |
Affected Systems | Sun Solaris 2.6 |
Attack Scenarios | An attacker can use a non-standard ftp client or initiate a session with the ftp server and issue a CWD ~ command. The attacker may then be able to read the core file and recover usernames and passwords for other users on the system |
Ease of Attack | Simple |
Corrective Action | Apply the appropriate vendor supplied patches Upgrade to the latest non-affected version of the software |
Additional References | |
Rule References | bugtraq: 2601 cve: 2001-0421 |
--
DID:803834
--
http://www.aanval.com/