TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

371

372

373

374

375

376

377

378

379

380

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

372

Signature ID: 6007

FTPd revealing the existence of a user

Threat Level: Information

Nessus: 10082

Signature Description: It is possible to determine the existence of a user on some remote FTP servers by issuing the

command CWD ~<username>, like : CWD ~root. An attacker may use this to determine the existence of known to be

vulnerable accounts (like guest) or to determine which system you are running. Solution: inform the vendor, and ask for

a patch, or change the FTP server. Risk factor : Low

Signature ID: 6008

CesarFTP MKD command Buffer Overflow Vulnerability

Threat Level: Severe

Industry ID: CVE-2006-2961 Bugtraq: 18586

Signature Description: CesarFTP is an FTP server developed by ACLogic for Windows. A vulnerability has been

identified in CesarFTP version 0.99g, which could be exploited by attackers to execute arbitrary commands or cause a

denial of service. This flaw is due to a buffer overflow error when handling an overly long argument passed to the

"MKD" command, which could be exploited by authenticated users to compromise a vulnerable system or crash an

affected application.Remedy is to upgrade to newer versions.

Signature ID: 6011

Jana FTP Server PASV cmd DOS vulnerability

Threat Level: Information

Industry ID: CVE-1999-0079 CVE-2002-1063 Bugtraq: 5325 Nessus: 10085

Signature Description: Jana Server is a server for Microsoft Windows based systems and its support includes an FTP

server service.An authenticated remote user may use the PASV command to force Jana Server to open a new

connection. Reportedly, this connection does not time out, and will remain open indefinitely. A malicious user may

make a number of PASV requests and exhaust all TCP ports on the vulnerable system. <br>

Signature ID: 6012

QNX RTP ftpd STAT Buffer Overflow Vulnerability

Threat Level: Critical

Industry ID: CVE-2001-0325 Bugtraq: 2342 Nessus: 10692

Signature Description: RTP is the free version of the RTOS distributed by QNX Software Systems, Limited.A

vulnerability in the ftpd included with RTP version 5.60 could allow a user to arbitrarily execute code. The problem

lies in the code related to the execution of STAT command. A static buffer size of 100 bytes in the argv variable makes

it possible to overflow the buffer, and overwrite variables on the stack, including the possibility of the return address.

Shell code could then be passed onto the stack and executed with the privileges of the ftpd UID. For instance, the

command : STAT a a a a a a a (...) a a a a will make it crash. This makes it possible for a malicious user to execute

arbitrary code, and potentially gain elevated privileges.Solution is to change the FTP server.

Signature ID: 6014

Attempt to write on FTP Root directory

Threat Level: Critical

Industry ID: CVE-1999-0527

CVE-1999-0497 Nessus: 10088,10332

Signature Description: The permissions for system-critical data in an anonymous FTP account are inappropriate. It is

possible to write on the the root directory of anonymous FTP server. This allows an attacker to upload '.rhosts' or

'.forward' files, or to turn your FTP server in to a warez server.Solution : chown root ~ftp && chmod 0555 ~ftp.