FTP

	FTP
advICE :Exploits :Services : FTP

One of the oldest protocols on the Internet
Security Problems in FTP

Client IP address in the payload, making firewalls and address translators difficult
passive mode means opening up a huge hole (firewall rule: client-port > 1023 to server-port > 1023)
requires intelligent proxies
with enough tries, can connect to passive-mode data connection before the real client gets a chance
Intrusions:

Bounce attack
A classic network attack that results from misconfigured FTP servers. All administrators of FTP servers should understand how this attack works.
Invalid PORT Command
FTP PORT restricted
FTP CWD ~root command
FTP SITE EXEC command
FTP user name very long
FTP password very long
FTP CWD directory very long
FTP file name very long
FTP command line very long

CERT: CA-99-03-FTP-Buffer-Overflows
SITE STATS-Getting "STATS" from a web server gives good information on how to exploit other weaknesses, such as the PASV exploit.
Advisory: IIS FTP Exploit/DoS Attack-Buffer overflow in the NLIST command can crash or break into the FTP server.
FTP PASV "Pizza Thief" Exploit-Predicting possible connections in order to redict output.
Vulnerability in Broker FTP Server v. 3.0 Build 1-LIST ..\..\winnt\ will work, when it shouldn't
BugtraqID: 599
BugtraqID: 572-This client has a vulnerability in the code that processes the response to a CWD command.
BugtraqID: 269-CWD or LS commands with strings longer than 155 overflow the buffer
BugtraqID: 301
BugtraqID: 442-A buffer overflow exists in the authentication code, so that long hostnames or usernames can be used to break into the system.
BugtraqID: 650
BugtraqID: 658
BugtraqID: 401

RESOURCES

Books
FAQs
Intro
News
Lists
Notes

SEARCH