TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

371

372

373

374

375

376

377

378

379

380

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

371

Signature ID: 6001

Directory traversal vulnerability in GuildFTPd 0.9.7

Threat Level: Warning

Industry ID: CVE-2001-0767

Bugtraq: 2789 Nessus: 10694

Signature Description: A security vulnerability in Version 0.9.7 of GuildFTP allows anyone with a valid FTP login to

list or read arbitrary files and directories on the system. This rule triggers when connection to GuildFTP 0.9.7 is made

from outside. Administrator should check for any suspicious activity.

Signature ID: 6002

ToxSoft NextFtp Buffer Overflow Vulnerability

Threat Level: Warning

Industry ID: CVE-1999-0671 Bugtraq: 572

Signature Description: ToxSoft NextFtp is a shareware FTP client for Windows. ToxSoft NextFtp client version 1.82 is

vulnerable to a buffer overflow in the code that parses CWD command replies. An attacker can overflow the buffer and

execute arbitrary commands on the client system by sending a CWD command reply with exploit code to the FTP

client.

Signature ID: 6003

Bftpd chown Buffer overflow vulnerability

Threat Level: Warning

Industry ID: CVE-2001-0065 Bugtraq: 2120 Nessus: 10579

Signature Description: Buffer overflow problem in Max-Wilhelm Bruker, Bftpd, 1.0.13 allows remote attackers to

cause a denial of service and possibly execute arbitrary commands via a long SITE CHOWN command (> 75 bytes). It

may be possible for a remote attacker to gain root access to the system.Solution : Upgrade the bftpd server to a version

1.0.14 or higher.

Signature ID: 6004

Bftpd format string vulnerability

Threat Level: Information

Nessus: 10568

Signature Description: FTP servers using bftpd versions below 1.0.13 do not properly sanitize the NLST command

output.In such cases it is possible for a remote attacker to gain root access<br>by writing into any directory served by

this ftp daemon.Solution: Upgrade the bftpd server to the version 1.0.14 or higher. This rule hits when psdx command

present in the ftp traffic.

Signature ID: 6005

Broker FTP Files Listing Vulnerability

Threat Level: Warning

Industry ID: CVE-2001-0450 Bugtraq: 301,2507 Nessus: 10556

Signature Description: A vulnerability in the Broker FTP Server version 5.0 for Windows NT and Windows 98 allow

remote users to obtain directory listings beyond the FTP root directory.The code related to commands LIST and NLST

do not check whether the requested file or directory falls outside the ftp root directory or not. This allows a remote user

connected to the FTP server to issue commands such as "LIST ..\..\winnt\" and "NLST ..\..\winnt\" to view the contents

of directories above the FTP root.Solution is to upgrade to the latest version of the software.