TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
the same group as the ftp account and are not write protected, an intruder will be able to add files (such as a .rhosts file)
or modify other files. This rule detects a CWD command with etc as its argument, which indicates an attempt to
access the etc directory from outside. Having files write-enabled on your FTP server can therefore cause problems
such as allowing your site to become a pirated software drop point. Ref: CERT Advisory CA-93:10
Signature ID: 6047
Anonymous FTP directory setup vulnerability
Threat Level: Information
Signature Description: This rule hits when a CWD command is executed. The anonymous FTP root directory (~ftp)
and its subdirectories should not be owned by the ftp account or be in the same group as the ftp account. This is a
common configuration problem. If any of these directories are owned by ftp or are in the same group as the ftp account
and are not write protected, an intruder will be able to add files (such as a .rhosts file) or modify other files. This rule
detects a CWD command with bin as its argument, which indicates an attempt to access the bin directory
from outside. Having files write-enabled on your FTP server can therefore cause problems such as allowing your site to
become a pirated software drop point. Ref: CERT Advisory CA-93:10
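A host-side check for the directory setup problem described in the anonymous FTP signatures above, added here as an example and not taken from the reference guide or the product. It walks the anonymous FTP root and reports every directory that is owned by the ftp account or in its group, and whether the matching write bit is set; the function name and the assumption that the account is called "ftp" are illustrative.

```python
import os
import stat
import sys


def audit_anon_ftp_tree(root, ftp_uid, ftp_gid):
    """Report directories under the anonymous FTP root tied to the ftp account.

    Returns sorted (path, tie, writable) tuples: tie is "owner", "group" or
    "owner+group"; writable is True when the matching write bit is set,
    i.e. the directory is "not write protected" for that account.
    """
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        st = os.stat(dirpath)
        ties, writable = [], False
        if st.st_uid == ftp_uid:
            ties.append("owner")
            writable = writable or bool(st.st_mode & stat.S_IWUSR)
        if st.st_gid == ftp_gid:
            ties.append("group")
            writable = writable or bool(st.st_mode & stat.S_IWGRP)
        if ties:
            findings.append((dirpath, "+".join(ties), writable))
    return sorted(findings)


if __name__ == "__main__":
    import pwd  # POSIX only

    # Assumption: the anonymous account is named "ftp" and its home
    # directory is the anonymous root (~ftp); pass another root as argv[1].
    try:
        account = pwd.getpwnam("ftp")
    except KeyError:
        sys.exit("no 'ftp' account on this host")
    root = sys.argv[1] if len(sys.argv) > 1 else account.pw_dir
    for path, tie, writable in audit_anon_ftp_tree(root, account.pw_uid, account.pw_gid):
        state = "WRITABLE" if writable else "write-protected"
        print(f"{state:15} {tie:11} {path}")
```

A directory reported as write-protected is still listed because it is owned by ftp or in its group, which the description says it should not be.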
Signature ID: 6048
FTP Server Access with 'chmod' Command Vulnerability
Threat Level: Information
Signature Description: The FTP chmod command can be misused to make the system vulnerable. Intruders could
change the write permissions of the FTP root directory and gain further access. Attackers can change permissions to
overwrite binaries (e.g. 'ls') or change permissions on files to view or modify them.
Signature ID: 6049
Wu-ftpd SITE EXEC TAR command Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0202
Signature Description: Wu-ftpd 2.4.1 permits the use of SITE EXEC command to execute commands on the system. A
command line option to the GNU tar program allows a user with FTP access to execute arbitrary commands on an FTP
server by using the SITE EXEC command. This could allow a remote attacker to gain root-level access on the
vulnerable system. The solution is to upgrade the FTP server or change to a different type of FTP server.
Signature ID: 6053
Anonymous FTP Login allowed
Threat Level: Information
Signature Description: Some FTP servers allow anonymous login as a feature, resulting in many security problems.
Anonymous access to an FTP server should be monitored well by the administrator, as the default configuration on some
FTP servers allows access to internal directories. This rule raises an alarm when an anonymous login is allowed by
the FTP server.
Signature ID: 6054
Attempt to read password file through TFTP
Threat Level: Information
Signature Description: The TFTP (Trivial File Transfer Protocol) service running on the target host can allow
the retrieval of arbitrary files. There has been an attempt to read the password file. If the request is successful, then TFTP is
not configured properly and therefore poses a very serious security threat.