TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 6015
FTP (Serv-U) Directory Traversal Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0054 CVE-1999-0175 Bugtraq: 2052,2025 Nessus: 10565
Signature Description: FTP Serv-U is an Internet FTP server from CatSoft. Authenticated users can gain access to the
ftproot of the drive where Serv-U FTP has been installed. It is possible to break out of the remote FTP chroot by
appending %20s in the CWD command, as in: CWD ..%20. This vulnerability allows an attacker to browse the entire
remote disk. Successful exploitation of this vulnerability could enable a remote user to gain access to system files,
password files, etc. This could lead to a complete compromise of the system. Software versions 2.4 and 2.5 are
vulnerable to this problem. The solution is to upgrade to Cat Soft Serv-U 2.5i.
Signature ID: 6018
Guild FTPD File Existence Disclosure Vulnerability
Threat Level: Information
Industry ID: CVE-2000-0640 Bugtraq: 1452 Nessus: 10471
Signature Description: Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via
a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not. The error
message "Download failed" appears if the requested file exists and "Access denied" if it does not. For instance, it is
possible to determine the presence of \autoexec.bat by requesting ../../../../autoexec.bat. An attacker may use this flaw to
gain more knowledge about this host, such as its file layout. The solution is to upgrade to the latest version of the software.
Signature ID: 6020
Multiple FTP Vendor 'GET' Denial of Service Vulnerability
Threat Level: Warning
Bugtraq: 2698 Nessus: 10822
Signature Description: It is possible for a remote user to cause a denial of service on a host running Serv-U FTP
Server, G6 FTP Server or WarFTPd Server. Repeatedly submitting an 'a:/' GET or RETR request, appended with
arbitrary data, will cause the CPU usage to spike to 100%. Jgaa WarFTPd 1.71, Gene6 BPFTP Server 2.0 and Cat Soft
Serv-U 2.5 are vulnerable to this attack. The solution is to upgrade to higher versions.
Signature ID: 6022
FTP 'guest' account on Windows NT systems
Threat Level: Information
Industry ID: CVE-1999-0546 Nessus: 10166
Signature Description: The 'guest' account on Windows NT systems is enabled by default. An attacker may use this
account to break into the system, as the guest account will not run in a chrooted environment. The solution is to disable the
guest account.
Signature ID: 6025
ProFTPD Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-1501 Bugtraq: 6341,2496 Nessus: 10634
Signature Description: The remote ProFTPD server is vulnerable to an exhaustion attack which may cause the server to
consume all the available memory, so that the server fails to service any new legitimate requests. The malicious
request takes the following form: NLST /../*/../*/../*/. A similar vulnerability exists with the STAT command, which is as
follows: STAT /*/*/*/*/*/*/*. If ProFTPD is used, the solution is to upgrade ProFTPD to version 1.2.2 and modify the
configuration file to include: DenyFilter \*.*/ . Otherwise, contact the vendor.